Job Requirements
Falls Church, VA
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Job Description
Everforth ECS is seeking a Senior API Security Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
This role validates boundary controls for AI and machine-learning model APIs, proxy configurations, and external-model connectivity patterns within WDP Core Integration serving environments, applying enterprise API security methodologies to maintain mission assurance posture and operational readiness across all classification enclaves.
• Validates boundary controls for artificial intelligence and machine-learning model APIs, proxy configurations, and external-model connectivity patterns within War Data Platform (WDP) Core Integration serving environments supporting Department of War missions, Joint Staff analysts, Combatant Command elements, and Senior Executive Service leadership.
• Reviews authentication and authorization flows, throttling configurations, policy enforcement logic, and ingress and egress controls governing access to production-ready model endpoints.
• Applies API security methodologies using Kong Gateway, NGINX, Envoy, OAuth2, OpenID Connect, Kubernetes network policies, GitLab Continuous Integration, VMware environments, Elastic Stack, and Prometheus metrics to evaluate operational behavior, detect misconfigurations, and maintain mission assurance posture.
• Conducts structured assessments of external-model integrations-including Amazon Bedrock connectivity patterns-by validating token exchange mechanisms, policy boundaries, and cross-domain access controls aligned with enterprise DevSecOps standards.
• Performs change-approval activities by reviewing configuration updates, validating security impact, and documenting operational risk considerations for deployment pipelines and serving surfaces.
• Produces mission-critical deliverables-including API boundary-control assessments, policy-compliance reports, connectivity-pattern documentation, operational risk evaluations, and change-approval artifacts.
• Collaborates with Platform One, Cloud One, multi-national engineering teams, and cross-service mission partners to strengthen operational readiness, reinforce deployment consistency, and advance program value commitments across all enclaves.
• Supports Tier-4 incident-response actions by providing authoritative API security evidence, boundary-control documentation, and remediation guidance required for operational continuity and sustained mission performance.
• Performs other duties as assigned.
Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• IAT II-level security certification (CompTIA Security+ CE, CompTIA CySA+, CompTIA Cloud+, Cisco CCNA Security, GIAC GSEC, GIAC GCED, or ISC² SSCP).
• Minimum 10 years of experience in API security engineering, application security, or cybersecurity engineering roles within classified or federal environments.
• Hands-on experience applying API security methodologies using tools such as Kong Gateway, NGINX, Envoy, OAuth2, OpenID Connect, and Kubernetes network policies to assess operational behavior, identify misconfigurations, and enforce boundary controls in production environments.
• Demonstrated experience conducting structured API security assessments of external-model integrations-including token exchange validation, policy boundary enforcement, and cross-domain access control verification-within enterprise DevSecOps frameworks.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Prior experience working within Platform One or Cloud One environments, including familiarity with their pipeline hardening standards, enclave-parity configurations, and artifact-management frameworks as applied to API security governance.
• Demonstrated experience integrating API security controls with observability platforms-such as Elastic Stack and Prometheus-to provide real-time visibility into endpoint behavior, anomaly detection, and cross-domain access patterns.
• Familiarity with Zero Trust architecture principles, including Attribute-Based Access Control (ABAC) and micro-segmentation strategies, as applied to AI/ML model-serving API surfaces across NIPRNet, SIPRNet, and JWICS environments.
• Experience authoring and maintaining change-approval documentation, API policy-compliance reports, and operational risk assessments that satisfy DoW RMF and continuous authorization requirements.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
Everforth ECS is seeking a Senior API Security Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax . Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
This role validates boundary controls for AI and machine-learning model APIs, proxy configurations, and external-model connectivity patterns within WDP Core Integration serving environments, applying enterprise API security methodologies to maintain mission assurance posture and operational readiness across all classification enclaves.
• Validates boundary controls for artificial intelligence and machine-learning model APIs, proxy configurations, and external-model connectivity patterns within War Data Platform (WDP) Core Integration serving environments supporting Department of War missions, Joint Staff analysts, Combatant Command elements, and Senior Executive Service leadership.
• Reviews authentication and authorization flows, throttling configurations, policy enforcement logic, and ingress and egress controls governing access to production-ready model endpoints.
• Applies API security methodologies using Kong Gateway, NGINX, Envoy, OAuth2, OpenID Connect, Kubernetes network policies, GitLab Continuous Integration, VMware environments, Elastic Stack, and Prometheus metrics to evaluate operational behavior, detect misconfigurations, and maintain mission assurance posture.
• Conducts structured assessments of external-model integrations-including Amazon Bedrock connectivity patterns-by validating token exchange mechanisms, policy boundaries, and cross-domain access controls aligned with enterprise DevSecOps standards.
• Performs change-approval activities by reviewing configuration updates, validating security impact, and documenting operational risk considerations for deployment pipelines and serving surfaces.
• Produces mission-critical deliverables-including API boundary-control assessments, policy-compliance reports, connectivity-pattern documentation, operational risk evaluations, and change-approval artifacts.
• Collaborates with Platform One, Cloud One, multi-national engineering teams, and cross-service mission partners to strengthen operational readiness, reinforce deployment consistency, and advance program value commitments across all enclaves.
• Supports Tier-4 incident-response actions by providing authoritative API security evidence, boundary-control documentation, and remediation guidance required for operational continuity and sustained mission performance.
• Performs other duties as assigned.
Required Skills
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• IAT II-level security certification (CompTIA Security+ CE, CompTIA CySA+, CompTIA Cloud+, Cisco CCNA Security, GIAC GSEC, GIAC GCED, or ISC² SSCP).
• Minimum 10 years of experience in API security engineering, application security, or cybersecurity engineering roles within classified or federal environments.
• Hands-on experience applying API security methodologies using tools such as Kong Gateway, NGINX, Envoy, OAuth2, OpenID Connect, and Kubernetes network policies to assess operational behavior, identify misconfigurations, and enforce boundary controls in production environments.
• Demonstrated experience conducting structured API security assessments of external-model integrations-including token exchange validation, policy boundary enforcement, and cross-domain access control verification-within enterprise DevSecOps frameworks.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).
Desired Skills
• Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
• Prior experience working within Platform One or Cloud One environments, including familiarity with their pipeline hardening standards, enclave-parity configurations, and artifact-management frameworks as applied to API security governance.
• Demonstrated experience integrating API security controls with observability platforms-such as Elastic Stack and Prometheus-to provide real-time visibility into endpoint behavior, anomaly detection, and cross-domain access patterns.
• Familiarity with Zero Trust architecture principles, including Attribute-Based Access Control (ABAC) and micro-segmentation strategies, as applied to AI/ML model-serving API surfaces across NIPRNet, SIPRNet, and JWICS environments.
• Experience authoring and maintaining change-approval documentation, API policy-compliance reports, and operational risk assessments that satisfy DoW RMF and continuous authorization requirements.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A