user avatar

Security Engineer

HyerTek Inc

Posted today

Job Requirements

Columbia, MD
Top Secret/SCI Polygraph not specified
Mid Level Career (5+ yrs experience)
$140,000 - $155,000

Job Description

HyerTek is a federal technology consulting firm delivering secure enterprise applications, data analytics, and modernization services to federal government agencies. HyerTek is hiring a Security Engineer / Information System Security Engineer (ISSE) to own the security engineering and Risk Management Framework (RMF) execution for secure enterprise applications delivered to federal customers on Azure Government. You will implement and document security controls, produce the authorization artifacts, and drive the assessment-and-authorization activities that earn and sustain a system's Authority to Operate — while the Government Authorizing Official retains all authorization authority.

This is a critical-path role. Systems are configured, assessed, and separately authorized per environment, so you will carry the control implementation, the System Security Plan and POA&M, the hardening, and the continuous-monitoring posture — coordinating closely with cloud engineers, developers, and the Government. When accreditation is on the critical path, your work is what keeps delivery on schedule.

Location: Candidate must be located in the Washington, DC, metro region and must be available onsite in Maryland as needed. This role supports secure Government environments; Candidates must have and maintain an active TS/SCI clearance with the Department of Defense. All personnel shall meet DoD 8140/8570 (DoDM 8140 / DCWF) baseline requirements.

Responsibilities:
Own RMF execution — categorize, select, implement, assess, and support authorization under NIST 800-37 / 800-53 and DoDI 8510.01.
Author and maintain the System Security Plan (SSP), POA&M, and full control-implementation evidence; manage the authorization package in eMASS (or the Government's system of record).
Serve as the security engineering interface to the Government ISSM/AO and assessors; prepare for and support all assessment-and-authorization activities.
Implement and validate hardening against applicable DISA STIGs (application/ASD, container, database, OS) and track remediation to closure.
Design and operate the continuous-monitoring posture — audit logging, SIEM integration (Microsoft Sentinel / Log Analytics), and control-assessment cadence — and maintain POA&M currency.
Engineer and verify the data-protection posture: encryption in transit and at rest, key management (Key Vault / managed identity, customer-managed keys, FIPS-validated cryptography), and no secrets in source or image.
Own the CAC/PIV / DoD PKI validation design (OCSP/CRL) with the cloud and application engineers.
Enforce CUI handling and, where applicable, cross-domain and classified-data controls and spillage prevention.
Implement least-privilege access, zero-trust controls, and privileged-access administration (Bastion / JIT / MFA / privileged access workstations).
Produce and maintain the security documentation and as-built records required for accreditation and customer handoff.

Requirements
7+ years in information system security engineering/cybersecurity for federal or DoD systems, with direct, hands-on RMF experience.
Demonstrated ownership of at least two systems through a full RMF authorization to an ATO/cATO — SSP, control implementation, POA&M, and package management.
Hands-on experience with eMASS (or equivalent) and NIST 800-53 control implementation and assessment.
Experience hardening systems to DISA STIGs and validating compliance.
Working knowledge of cloud security architecture — identity, network isolation (private endpoints), key management, and SIEM/continuous monitoring.
Understanding of CUI handling (DoDI 5200.48) and the DoD Cloud Computing SRG impact levels.
DoD 8140/8570-compliant certification for the ISSE role (e.g., CISSP, CASP+, or equivalent).
Strong technical writing and the ability to produce assessor-ready evidence.
Ability to carry security engineering and authorization across multiple environments on a lean, senior team.
Candidates must have and maintain an active TS/SCI clearance with the Department of Defense.

Preferred Qualifications:
Direct experience accrediting workloads in Azure Government or classified Azure environments.
Experience with cross-domain solutions (CDS) and the SABI/TSABI process, or supporting a data-transfer accreditation.
Experience standing up continuous monitoring with Microsoft Sentinel and integrating with a designated CSSP.
Familiarity with securing containerized workloads (AKS, hardened images, image signing/scanning).
Experience with AI/LLM security controls (data-residency, scope-bound retrieval, prompt-injection defense) in a governed environment.
ISSM or RMF assessor experience; CISSP-ISSEP.

HyerTek offers a comprehensive benefits package, including:
Medical, dental, and vision insurance
401(k) with employer contribution
Paid time off (PTO) and company holidays
Flexible work arrangements
Professional development and certification support
Employee assistance program (EAP)
Life and disability insurance


Salary Range
$140,000 – $155,000 annually, depending on experience and clearance status.


Equal Employment Opportunity (EEO)
HyerTek is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, or any other protected status.
group id: 91125207

Similar Jobs


Job Category
IT - Security
Clearance Level
Top Secret/SCI
Employer
HyerTek Inc