BCMC is supporting a U.S. Government customer to provide support for onsite incident response to civilian Government agencies and critical asset owners who experience cyber-attacks, providing immediate investigation and resolution. Contract personnel perform investigations to characterize the severity of breaches, develop mitigation plans, and assist with the restoration of services. We are seeking a Senior Cybersecurity Engineer (Controls & Assessment Lead) to support this critical customer mission.
The Senior Cybersecurity Engineer will lead security controls implementation and risk assessment activities for technology integration initiatives. This role ensures all pilot and production integrations meet federal security requirements, maintain compliance frameworks, and align with CISA's risk reduction priorities while enabling innovation and modernization.
Responsibilities:
- Lead security controls assessment and implementation for technology integration pilots
- Establish risk frameworks for pilot design and execution activities
- Ensure compliance with federal security requirements (NIST, FISMA, FedRAMP)
- Conduct security assessments of proposed technology insertions
- Define security boundaries and controls for pilot environments
- Coordinate with RMF and security teams on authorization activities
- Ensure pilots maintain security posture and avoid becoming security liabilities
- Assess security readiness for scaling pilots into production
- Develop security metrics for measuring pilot and production outcomes
- Lead security governance review processes and decision points
- Ensure alignment with CISA Zero Trust Strategy and security architecture
- Conduct risk assessments for technology insertions across federated environments
- Support continuous monitoring and security validation of integrated capabilities
- Provide security guidance to development and operations teams
- Document security controls, procedures, and compliance evidence
Required Skills/Clearances:
- U.S. Citizenship
- Active TS/SCI clearance
- Ability to obtain Department of Homeland Security (DHS) Entry on Duty (EOD) Suitability
- 10+ years of experience in cybersecurity engineering or security architecture
- Expert knowledge of federal security frameworks (NIST 800-53, RMF, FISMA)
- Experience leading security assessments and authorization activities
- Strong understanding of risk management and security controls implementation
- Experience with security compliance in operational environments
- Knowledge of Zero Trust architecture and implementation principles
- Experience assessing security of AI/ML and emerging technologies
- Strong analytical and problem-solving skills
- Excellent documentation and communication abilities
Desired Skills:
- ITIL, PMP, or similar operations/project management certification
- Experience with CISA programs or similar federal cybersecurity operations
- Background in security assessment of malware analysis platforms
- Experience with cloud security assessment and authorization
- Knowledge of critical infrastructure security requirements
- Experience with continuous monitoring and automated compliance tools
- Familiarity with DevSecOps and security automation practices
- Background in penetration testing or vulnerability assessment
Required Education:
BS in Cyber Security, Computer Science, or related degree; Master's degree preferred, or HS Diploma and 7+ years of directly relevant experience
Desired Certifications:
- DoD 8140 IAT Level III
- CAP, CRISC
Benefits
Extremely competitive salary
95% employer paid for employee medical, dental, & vision coverages
100% employer paid for employee life, STD & LTD disability coverages
401k with company match and profit sharing
Flexible Spending Account (FSA) for dependent & health care
11 standard holidays & 3 weeks of annual leave
ESS-3422
Information Security Manager - III - ISM03
