Cybersecurity Assessment Engineer

Second Front Systems, Inc.
Washington, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$130K

Job location

Remote
Washington, United States of America

Tech stack

Amazon Web Services (AWS)
Azure
Bash
Cloud Computing
Computer Security
DevOps
Python
Platform as a Service (PAAS)
SAP Applications
Web Application Security
Software Engineering
Tripwire
Web Applications
Cloud Platform System
DevOps Tools - Open-source
Gitlab
Kubernetes
Tenable Nessus
CIS Benchmarks
Devsecops
Docker
Vulnerability Analysis

Job description

Second Front Systems (2F) is seeking a motivated Cybersecurity Assessment Engineer to support our team. We are a fast-growing entrepreneurial team working at the convergence of technology and national security. The work will be dynamic and wide-ranging with cybersecurity, DevSecOps, and cloud infrastructure roles supporting the deployment and scale of our Game Warden platform.

As a Cybersecurity Assessment Engineer at Second Front Systems, you will help ensure that Game Warden maintains a strong security posture. You will work hand-in-hand with the DevOps Engineering and Mission Success teams to oversee the software vulnerability scanning process, review vulnerability scan results, assist the customers in understanding those results, and make approval recommendations for vulnerabilities that can't be immediately resolved. This role will require learning new things like researching identified vulnerabilities, assessing risk, solving big problems, speaking your mind, and contributing to a culture of diversity, innovation, and excellence. This role is key to the security of our cloud platform and of the customer applications running on it.

Note: This role requires U.S. citizenship due to government contract requirements. Additionally, candidates must reside in one of our approved hiring hubs:

  • DC/Maryland/Virginia
  • Raleigh/Durham/Chapel Hill, NC
  • Denver/Colorado Springs, CO
  • Dallas/Fort Worth, TX

What You'll Do

You will coordinate activities with the Principal Security Engineer, Platform team, and Customer Operations team.

Specific tasks include:

  • Review web application artifacts of customer-developed applications and provide customer feedback
  • Serve as the primary face of the cybersecurity team to software development and mission success teams
  • Assist with incident response plans to respond to application outages or downtime
  • Technical Security Validation: Conduct comprehensive assessments of cloud infrastructure, applications, and containerized environments to verify compliance with DISA STIGs, SRGs, and CIS Benchmarks.
  • Authorization Lifecycle Management: Author, review, and maintain high-quality security artifacts, including System Security Plans (SSP), Security Assessment Plans (SAP), and Security Assessment Reports (SAR).
  • Continuous Monitoring (ConMon): Monitor and report on the ongoing effectiveness of security controls, ensuring the platform maintains a robust and authorized security posture.
  • Vulnerability & Risk Analysis: Utilize automated scanning suites (e.g., Anchore, Trivy, Tenable) to identify vulnerabilities, distinguish true positives, and provide actionable remediation guidance to dev teams.
  • Supply Chain Security: Implement and manage technical workflows for SBOMs (Software Bill of Materials) to support modern, continuous authorization standards.
  • Cross-Functional Collaboration: Partner with DevOps and Software Engineering teams to translate complex NIST 800-53 controls into implementable technical requirements.

Requirements

Do you have experience in Web Application Security Testing?

  • Experience solving complex and sometimes ill-defined problems
  • Intermediate knowledge of DevSecOps tools and software development
  • Ability to create and implement incident response plans
  • Background in cybersecurity and understanding of vulnerability risk analysis
  • Hands-on experience assessing or securing services within AWS, Azure, or GCP, particularly within PaaS or Kubernetes-based environments.
  • Proficient knowledge of NIST SP 800-37 (RMF) and NIST SP 800-53 rev 5 security controls
  • Deep understanding of the FedRAMP authorization process and Department of Defense (DoD) security standards.
  • 3-5 years of relevant experience
  • Secret Level Clearance (or above)
  • Ability to attain DOD 8570 Baseline Certification for IAT II within 6 months of hire date (preferably CySA+)
  • Extensive experience with Department of Defense DevSecOps practices, policies, and security.
  • Experience with Docker, Gitlab, Kubernetes, Anchore, or other container scanning tools.
  • Ability to write basic scripts (Python, Bash, etc.) to automate evidence collection or data parsing.
  • Have a strong interest in matters of national security.

Benefits & conditions

  • Referral program
  • Parental leave
  • 401(k)
  • Health insurance
  • 401(k) matching
  • Paid time off
  • Vision insurance

The expected base salary range for this role is $90,000 - $130,000. Final compensation will be based on factors such as experience, skills, level, and geographic location. This role may also be eligible for discretionary bonuses and equity grants as part of the total compensation package.

This role is a full-time, salaried position. As a public benefit corporation, we're a team of purpose-driven trailblazers transforming the future of U.S. national security. We hire the best to do their best and, as such, we are committed to providing the perks and benefits you need to be successful, both inside and outside the workplace.

  • Competitive Salary
  • 100% Healthcare, vision and dental coverage
  • 401(k) + 3% company contribution
  • Equity incentive plan
  • Tech + office supplies stipend
  • Annual professional development stipend
  • Flexible paid time off + federal holidays off
  • Parental leave
  • Work from anywhere
  • Referral Bonus

About the company

Second Front Systems (2F) is a public-benefit software company powering software for the free world. We eliminate the friction that slows innovation, enabling faster, more secure development and deployment of software across government and regulated networks. Built by national security veterans and backed by top-tier venture capital, our platform is trusted by the world's leading organizations to cut deployment timelines from years to weeks. We move fast, solve hard problems, and deliver trusted capabilities where they're needed most. Our work strengthens global security and gives the United States and its allies a lasting competitive advantage. Learn more at secondfront.com.