Security Engineer

HyerTek

$140K — $155K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years in cybersecurity for federal/DoD systems with RMF experience
  • Ownership of at least two systems through full RMF authorization
  • Hands-on experience with eMASS or equivalent
  • Proven hardening of systems to DISA STIG compliance
  • Knowledge of cloud security architecture including identity and SIEM
  • Understanding of CUI handling and DoD Cloud Computing SRG
  • DoD 8140/8570-compliant certification (e.g., CISSP)
  • Strong technical writing skills for evidence production

Responsibilities

  • Own RMF execution including categorization and assessment
  • Author and maintain System Security Plan and POA&M
  • Serve as liaison to Government security personnel
  • Implement hardening according to DISA STIGs
  • Design and operate continuous-monitoring posture
  • Engineer data protection measures and key management
  • Implement least-privilege access and zero-trust controls

Benefits

  • Medical, dental, and vision insurance
  • 401(k) with employer contribution
  • Paid time off (PTO) and company holidays
  • Flexible work arrangements
  • Professional development and certification support
  • Employee assistance program (EAP)
  • Life and disability insurance
Full Job Description
Job Type

Full-time

Description

HyerTek is hiring a Security Engineer / Information System Security Engineer (ISSE) to own the security engineering and Risk Management Framework (RMF) execution for secure enterprise applications delivered to federal customers on Azure Government. You will implement and document security controls, produce the authorization artifacts, and drive the assessment-and-authorization activities that earn and sustain a system's Authority to Operate - while the Government Authorizing Official retains all authorization authority.

This is a critical-path role. Systems are configured, assessed, and separately authorized per environment, so you will carry the control implementation, the System Security Plan and POA&M, the hardening, and the continuous-monitoring posture - coordinating closely with cloud engineers, developers, and the Government. When accreditation is on the critical path, your work is what keeps delivery on schedule.

Location: Candidate must be located in the Washington, DC, metro region and must be available onsite in Maryland as needed. This role supports secure Government environments; a Secret clearance is required, with the ability to obtain Top Secret/SCI. All personnel shall meet DoD 8140/8570 (DoDM 8140 / DCWF) baseline requirements.

Responsibilities:
  • Own RMF execution - categorize, select, implement, assess, and support authorization under NIST 800-37 / 800-53 and DoDI 8510.01.
  • Author and maintain the System Security Plan (SSP), POA&M, and full control-implementation evidence; manage the authorization package in eMASS (or the Government's system of record).
  • Serve as the security engineering interface to the Government ISSM/AO and assessors; prepare for and support all assessment-and-authorization activities.
  • Implement and validate hardening against applicable DISA STIGs (application/ASD, container, database, OS) and track remediation to closure.
  • Design and operate the continuous-monitoring posture - audit logging, SIEM integration (Microsoft Sentinel / Log Analytics), and control-assessment cadence - and maintain POA&M currency.
  • Engineer and verify the data-protection posture: encryption in transit and at rest, key management (Key Vault / managed identity, customer-managed keys, FIPS-validated cryptography), and no secrets in source or image.
  • Own the CAC/PIV / DoD PKI validation design (OCSP/CRL) with the cloud and application engineers.
  • Enforce CUI handling and, where applicable, cross-domain and classified-data controls and spillage prevention.
  • Implement least-privilege access, zero-trust controls, and privileged-access administration (Bastion / JIT / MFA / privileged access workstations).
  • Produce and maintain the security documentation and as-built records required for accreditation and customer handoff.


Requirements

  • 7+ years in information system security engineering/cybersecurity for federal or DoD systems, with direct, hands-on RMF experience.
  • Demonstrated ownership of at least two systems through a full RMF authorization to an ATO/cATO - SSP, control implementation, POA&M, and package management.
  • Hands-on experience with eMASS (or equivalent) and NIST 800-53 control implementation and assessment.
  • Experience hardening systems to DISA STIGs and validating compliance.
  • Working knowledge of cloud security architecture - identity, network isolation (private endpoints), key management, and SIEM/continuous monitoring.
  • Understanding of CUI handling (DoDI 5200.48) and the DoD Cloud Computing SRG impact levels.
  • DoD 8140/8570-compliant certification for the ISSE role (e.g., CISSP, CASP+, or equivalent).
  • Strong technical writing and the ability to produce assessor-ready evidence.
  • Ability to carry security engineering and authorization across multiple environments on a lean, senior team.

Preferred Qualifications:
  • Direct experience accrediting workloads in Azure Government or classified Azure environments.
  • Experience with cross-domain solutions (CDS) and the SABI/TSABI process, or supporting a data-transfer accreditation.
  • Experience standing up continuous monitoring with Microsoft Sentinel and integrating with a designated CSSP.
  • Familiarity with securing containerized workloads (AKS, hardened images, image signing/scanning).
  • Experience with AI/LLM security controls (data-residency, scope-bound retrieval, prompt-injection defense) in a governed environment.
  • ISSM or RMF assessor experience; CISSP-ISSEP.

HyerTek offers a comprehensive benefits package, including:
  • Medical, dental, and vision insurance
  • 401(k) with employer contribution
  • Paid time off (PTO) and company holidays
  • Flexible work arrangements
  • Professional development and certification support
  • Employee assistance program (EAP)
  • Life and disability insurance

Clearance & Work Authorization

This position requires U.S. citizenship and a current Secret clearance with the Department of Defense. Candidates must be authorized to work in the United States without the need for employment-based visa sponsorship now or in the future. HyerTek will not sponsor applicants for a U.S. work visa status for this opportunity.

Salary Range

$140,000 - $155,000 annually, depending on experience and clearance status.

Salary Description

$140,000 - $155,000 per year

Similar Jobs

More Jobs at HyerTek

More Information Technology Jobs

Find similar Security Engineer jobs: