Lead Security Engineer

Lead Security Engineer Onyx Government Services,LLC - 4.5 Suitland, MD Job Details Full-time 1 hour ago Qualifications Zero Trust security DevSecOps Practices

NIST SP 800-53

Threat Modeling (Architecture security) Zero trust architecture design CISSP Security architecture risk management Security compliance frameworks implementation CCSP Information security compliance Technical solutions implementation Bachelor's degree Investigation evidence collection Continuous integration Regulatory Frameworks (Architecture security) Vulnerability management Cloud compliance Penetration testing implementation DevOps automation Security technology solutions implementations Evidence collection IT department experience SDLC Full Job Description About Us Onyx Government Services, LLC., is a Service-Disable Veteran-Owned Small Business (SDVOSB), headquartered in Fairfax, Virginia. We specialize in data management, integration, and analysis solutions to provide decision-ready information to Command and Control (C2) and Decision Support Systems. We have demonstrated expertise in the field of Information Technology, database & COTS integration, and custom software development. Onyx pairs subject matter and functional experts with developers to provide high quality, tailored solutions. In support of our various efforts, we have developed the Onyx Data Management Toolkit, a combination of Agile Development principles, COTS Integration, and custom software, to deliver flexible, cost-effective solutions to a variety of Department of Defense, Intelligence Community, and Law Enforcement agencies. Job Summary We are seeking a Subject Matter Expert (SME)-level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program supporting the U.S. Census Bureau's Decennial Transformation and Application Modernization (DTAM) effort. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.

Work Location:

Suitland, MD Clearance:

U.S. Citizenship required •This position is contingent upon contract award. •Required Skills Demonstrated expertise integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing Hands-on experience implementing Zero Trust Architecture and applying

NIST SP 800-53

controls and the NIST Cybersecurity Framework Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection Desired Skills Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration Experience in large-scale, multi-cloud federal environments and FedRAMP processes Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders Education and Experience Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, or a related field 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level) Certified Information Systems Security Professional (CISSP) Certified Cloud Security Professional (CCSP) A4E3XO0y8Q