Position Title: Cybersecurity Engineer
Location:
US Congressional Budget Office
Ford House Office Building, 4th floor
2nd St SW, 441 D St SW
Washington, DC 20024
Period of Performance:
08/15/2026 - 08/14/2031
Place of Performance:
Remote work is authorized under this contract; however, at CBO's discretion, contractor employees may be required to work on-site at CBO facilities without reimbursement for related travel or expenses.
Security Clearance
Public Trust (Tier 2)
Citizenship
U.S. Citizenship or Permanent Residence status
Position Summary: The Cybersecurity Engineer designs, implements, and maintains enterprise security controls that enforce Zero Trust - identity-centric access, least-privilege enforcement, continuous monitoring, and threat detection across cloud, network, and endpoint environments - ensuring security technologies and services are configured, hardened, and continuously monitored to strengthen CBO's posture and detection/response capabilities.
Key Responsibilities:
- Support implementation, operation, and optimization of enterprise security platforms across cloud, on-premises, and hybrid environments.
- Implement/maintain controls aligned with NIST SP 800-53 (AC, CM, SC, AU, IR, SI families) and NIST SP 800-207 Zero Trust.
- Design/maintain least-privilege access - RBAC, privileged access management (PAM), and MFA across enterprise systems.
- Configure/manage IAM solutions; integrate with enterprise identity providers for secure authentication/authorization.
- Configure/maintain centralized logging, monitoring, and audit; integrate with enterprise SIEM; comply with retention policies.
- Conduct continuous monitoring, vulnerability assessment, and risk analysis aligned with NIST RMF; harden systems/apps/cloud to secure baselines.
- Secure cloud/hybrid environments (AWS, Azure) - security services, identity controls, network protections, workload security.
- Identify/remediate vulnerabilities; coordinate patching/mitigation; support IR (alert monitoring, analysis, containment, forensic collection).
- Maintain segmentation/access strategies to limit lateral movement; follow formal change management with security impact analysis.
- Develop/maintain cybersecurity SOPs, system configurations, baselines, and asset inventories; perform RCA; support 24/7 monitoring (SIEM, EDR/XDR, cloud-native tools).
- Collaborate with network, cloud, and application teams; serve as technical resource for advanced service desk and security issues
Required Qualifications:
- Hands-on experience engineering enterprise security controls across cloud, network, and endpoint per NIST SP 800-53 and NIST SP 800-207 Zero Trust.
- Experience with IAM, RBAC, PAM, and MFA, and integration with enterprise identity providers.
- Experience with SIEM and EDR/XDR - centralized logging, continuous monitoring, threat detection, triage, containment, and forensic collection.
- Experience with vulnerability management, NIST RMF risk analysis, secure-baseline hardening, and patch/mitigation coordination.
- Experience securing AWS and Azure cloud/hybrid environments and supporting audit readiness, SOPs, RCA, and 24/7 operations.
Education:
- Bachelor's degree in IT, Cybersecurity, or related field
Required Documents
Disclaimer:
By submitting your resume for this job posting, you authorize CMT Services, Inc. to forward your resume to all applicable internal and external managers, agencies, and recruitment personnel for review and consideration to hire.