Lead Security Engineer

Dev Technology

$120K — $190K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field
  • 15+ years of relevant IT/cybersecurity experience at SME level
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Expertise in integrating security into a DevSecOps SDLC
  • Experience implementing Zero Trust Architecture and managing NIST controls
  • Proven ability to lead vulnerability assessments, penetration testing, and threat modeling

Responsibilities

  • Lead design and implementation of application security solutions across the SDLC
  • Implement Zero Trust principles aligned with key security frameworks
  • Integrate security into DevSecOps CI/CD pipelines with automated controls
  • Direct Static and Dynamic Application Security Testing and vulnerability assessments
  • Lead threat modeling exercises to identify attack vectors and mitigation strategies
  • Support the Authorization to Operate process and manage security artifacts
  • Develop metrics and reporting to track application security posture

Benefits

  • Work in a large-scale, cloud-native federal modernization program
  • Opportunity to lead major security tasks and influence program implementation
  • Engage with senior Government stakeholders and provide expert security consultation
  • Receive professional development and growth opportunities in cybersecurity
  • Collaborative work environment with cross-disciplinary teams
Full Job Description
Lead Security Engineer, #1073

Security Requirement: U.S. Citizenship required

Work Location: Suitland, MD

We are seeking a Subject Matter Expert (SME)-level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.

What You'll be Doing:
  • Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC
  • Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture)
  • Integrate security into DevSecOps CI/CD pipelines, establishing security gates, automated code inspection, and supply-chain controls, including Software Bill of Materials (SBOM) generation
  • Direct Static and Dynamic Application Security Testing (SAST/DAST), vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses
  • Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment
  • Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management
  • Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53, and remediate identified vulnerabilities and compliance findings
  • Design and implement secure architecture patterns - secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management
  • Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time
  • Support the development and management of Interagency Security Agreements (ISA), security playbooks, and incident response in accordance with current cybersecurity policies
  • Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams
  • Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable

Required Education, Experience, and Skills:
  • Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field
  • 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Demonstrated expertise in integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing
  • Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
  • Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications
  • Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection
  • U.S. Citizenship required

Preferred Skills and Experience:
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls
  • Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration
  • Experience in large-scale, multi-cloud federal environments and FedRAMP processes
  • Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders


Our estimated salary range for this position is $120,000 - $190,000; this presented salary range is not a guarantee of compensation or salary. Offered salary is based on experience, geographic location, and possibly contractual requirements as appropriate to the role. *Salary could fall outside of this range.

Similar Jobs

More Jobs at Dev Technology

More Information Technology Jobs

Find similar Lead Security Engineer jobs: