Job Description: We're looking for a Senior Cybersecurity Engineer to lead the security side of software delivery on a large Navy readiness reporting program. You'll work shoulder-to-shoulder with the development teams - embedding security into how code is designed, built, tested, and deployed, not bolting it on at the end. This is a hands-on technical leadership role, not a paperwork role. You'll set the DevSecOps standards and tooling, drive secure design and code reviews, coach engineers on secure practices, and lead a small cybersecurity team. You'll also stay close enough to the RMF posture to make sure the program stays accredited as systems evolve.
Responsibilities include:Primary Responsibilities
- Lead DevSecOps practice across multiple development teams. Set the standards, the toolchain, and the bar.
- Integrate SAST, DAST, software composition analysis, container and image scanning, and IaC scanning into CI/CD pipelines. Tune the tools so they catch what matters and don't drown the teams in noise.
- Drive secure design reviews, threat modeling, and code-level remediation guidance. Push back on design decisions that create unnecessary risk - and explain why.
- Own the cybersecurity engineering posture: vulnerability response, patching cadence, hardening baselines, and the program's ongoing RMF/ATO health as the software evolves.
- Lead and mentor a small cybersecurity team. Coach developers on secure coding. Represent cybersecurity in technical decisions with the customer, software leads, and program leadership.
Additional duties and Responsibilities of the Cybersecurity Lead Engineer include, but are not limited to the following:
- Stay current. DoD cyber guidance, tooling, and best practices keep moving - bring useful changes back to the team and the program.
- Communicate cybersecurity posture and risk clearly - in writing and out loud - to people who don't live in the details day to day.
- Build the team's standards and reusable patterns. Don't make the next person solve the same problem from scratch.
- Take ownership. When something is broken or missing, fix it or get it fixed.
Here's what you need:- 10+ years in cybersecurity engineering, with 5+ years specialized in network and application security.
- Demonstrated DevSecOps experience: integrating security testing into CI/CD pipelines using tools like SonarQube, Fortify, Checkmarx, or Snyk in Azure DevOps or comparable platforms.
- Hands-on with secure SDLC, threat modeling, secure code review, container security, IaC scanning, and SBOM practices.
- 5+ years implementing RMF for DoD systems, including continuous monitoring and ATO sustainment as the software changes around you.
- IAM Level II Information Assurance Certification (per DoDI 8570.01-M and SECNAV M-5239.2), or equivalent under DoDM 8140.03 at Intermediate or Advanced proficiency.
- Active CISSP or Qualified Navy Validator required.
Bonus Points If You Have:- Qualified Navy Validator designation; CSSLP, CCSP, GWAPT, or similar; prior work on DoD or Navy software programs; experience hardening cloud workloads.
Security Clearance:Education:- Master's degree in computer science, cybersecurity, engineering, or a related technical field. Bachelor's with significant additional relevant experience considered.
Work Schedule:Compensation and Benefits:Cydecor offers a comprehensive compensation package including Health and Dental Insurance, Vision and Life Insurance, Short-Term & Long-Term Disability, 401(K) + company match, Paid Time Off (PTO), Paid Company Holidays, Tuition and Professional Development Assistance and more.
Key Words: Cybersecurity Engineer, Senior Cybersecurity Engineer, Lead Cybersecurity Engineer, DevSecOps Engineer, DevSecOps Lead, Application Security, Software Security, Security Engineer, Cybersecurity Architect, Secure Software Development, Secure SDLC, DevSecOps, CI/CD, Azure DevOps, Security Automation, Secure Coding, Threat Modeling, Secure Code Review, SAST, DAST, Software Composition Analysis (SCA), Container Security, Infrastructure as Code (IaC), SBOM, Vulnerability Management, Security Hardening, RMF, Risk Management Framework, ATO, Continuous Monitoring, eMASS, NIST 800-53, Security Compliance, Information Assurance, ISSE, Cloud Security, AWS, Azure, Kubernetes, Docker, SonarQube, Fortify, Checkmarx, Snyk, CISSP, CSSLP, CCSP, Qualified Navy Validator, IAM Level II, DoD 8570, DoDM 8140, U.S. Navy, Department of Defense, DoD, Federal Government, GovCon, Mission Systems, Cleared Jobs, Secret Clearance
