Senior Cybersecurity Engineer

Evolver is seeking a Senior Cybersecurity Engineer to engineer, implement, and validate security controls within system architectures, while enabling continuous monitoring and automated authorization (ATO) aligned to RMF.

This role focuses on embedding NIST-based security controls directly into system design and operations, ensuring systems remain in a continuous state of compliance and authorization through automated validation, telemetry, and engineering-driven evidence generation.

What You'll Do

• Integrate security controls (NIST SP 800-53) into system architectures, applications, and infrastructure as part of the SDLC
• Engineer and implement technical control solutions (identity, logging, vulnerability management, configuration enforcement)
• Perform control implementation and validation, ensuring controls are operating as intended within the system
• Support RMF lifecycle activities (categorization, control selection, implementation, assessment, and authorization) with a strong engineering focus
• Design and implement continuous monitoring (ConMon) capabilities that validate control effectiveness using system telemetry
• Enable automated ATO (cATO) by integrating control checks, telemetry, and validation results into ongoing authorization decisions
• Develop machine-testable control assertions and automate validation using scripts, APIs, and security tools
• Generate and maintain RMF artifacts (SSP, SAR, POA&M) through automated data collection and system outputs
• Conduct security engineering analysis of system data flows, architectures, and dependencies to identify risks and control gaps
• Implement and validate compensating controls where standard controls cannot be fully applied
• Support audit readiness and assessments by ensuring traceable, reproducible control evidence
• Collaborate with system owners, developers, and ISSOs to ensure security is built into system changes and deployments

• Bachelor's degree and 5 years of related experience.
• 5 years of experience supporting compliance or cybersecurity reporting (e.g., FISMA, RMF) required.
• 5 years of experience implementing and validating NIST SP 800-53 controls within systems
• 3 years of experience supporting RMF and ATO processes (hands-on with control implementation, not just documentation)
• 2 years of experience with continuous monitoring strategies and tools (e.g., Splunk, Elastic, Tenable, CDM)
• 2 years of experience working with system architectures, data flows, and security integration points
• 1 years of experience with RMF artifacts (SSP, SAR, POA&M) and how they map to system implementations
• Must be able to obtain DHS Suitability(EOD) and have active Secret or above clearance, * Strong communication and collaboration skills to engage both technical and non-technical stakeholders.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Ability to clearly communicate complex technical concepts to technical and non-technical POCs.
• Experience enabling or supporting cATO / ongoing authorization models
• Scripting or automation experience (Python, APIs, infrastructure-as-code)
• Experience with DevSecOps / CI/CD pipeline security integration
• Understanding of policy-as-code / compliance automation approaches
• Experience in DHS CDM environments
• Excellent organizational skills and attention to detail.
• Strong analytical, critical thinking, and problem-solving skills.

Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies.

Evolver is a cybersecurity and digital transformation company supporting national defense, federal civilian agencies, and Fortune 500 organizations. We help customers secure critical systems, modernize enterprise technology, and solve complex operational challenges through integrated capabilities spanning cybersecurity, enterprise IT infrastructure, cloud, software development, data analytics, legal technology and eDiscovery, applied AI, and electronic security systems. Our teams combine deep technical expertise with mission understanding to deliver secure, reliable, and scalable solutions that advance performance in high-stakes environments.