Security Engineer

HYERTEK INC.
Columbia, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 155K

Job location

Columbia, United States of America

Tech stack

Artificial Intelligence
Audit Trail
Azure
Cloud Computing
Cloud Computing Security
Information Technology Consulting
Databases
Data Control
Federal Information Processing Standards (FIPS)
Information Security Management
Information Systems Security Engineering Professional
Key Management
Log Analysis
Package Management Systems
Public Key Infrastructure
Zero Trust Network Access
Security Information and Event Management
Systems Integration
Information Security Management System
Enterprise Software Applications
Large Language Models
Containerization
Data Analytics
Microsoft Sentinel
Key Vault
Plan of Action and Milestones

Job description

HyerTek is a federal technology consulting firm delivering secure enterprise applications, data analytics, and modernization services to federal government agencies. HyerTek is hiring a Security Engineer / Information System Security Engineer (ISSE) to own the security engineering and Risk Management Framework (RMF) execution for secure enterprise applications delivered to federal customers on Azure Government. You will implement and document security controls, produce the authorization artifacts, and drive the assessment-and-authorization activities that earn and sustain a system's Authority to Operate - while the Government Authorizing Official retains all authorization authority.

This is a critical-path role. Systems are configured, assessed, and separately authorized per environment, so you will carry the control implementation, the System Security Plan and POA&M, the hardening, and the continuous-monitoring posture - coordinating closely with cloud engineers, developers, and the Government. When accreditation is on the critical path, your work is what keeps delivery on schedule., Own RMF execution - categorize, select, implement, assess, and support authorization under NIST 800-37 / 800-53 and DoDI 8510.01. Author and maintain the System Security Plan (SSP), POA&M, and full control-implementation evidence; manage the authorization package in eMASS (or the Government's system of record). Serve as the security engineering interface to the Government ISSM/AO and assessors; prepare for and support all assessment-and-authorization activities. Implement and validate hardening against applicable DISA STIGs (application/ASD, container, database, OS) and track remediation to closure. Design and operate the continuous-monitoring posture - audit logging, SIEM integration (Microsoft Sentinel / Log Analytics), and control-assessment cadence - and maintain POA&M currency. Engineer and verify the data-protection posture: encryption in transit and at rest, key management (Key Vault / managed identity, customer-managed keys, FIPS-validated cryptography), and no secrets in source or image. Own the CAC/PIV / DoD PKI validation design (OCSP/CRL) with the cloud and application engineers. Enforce CUI handling and, where applicable, cross-domain and classified-data controls and spillage prevention. Implement least-privilege access, zero-trust controls, and privileged-access administration (Bastion / JIT / MFA / privileged access workstations). Produce and maintain the security documentation and as-built records required for accreditation and customer handoff.

Requirements

7+ years in information system security engineering/cybersecurity for federal or DoD systems, with direct, hands-on RMF experience. Demonstrated ownership of at least two systems through a full RMF authorization to an ATO/cATO - SSP, control implementation, POA&M, and package management. Hands-on experience with eMASS (or equivalent) and NIST 800-53 control implementation and assessment. Experience hardening systems to DISA STIGs and validating compliance. Working knowledge of cloud security architecture - identity, network isolation (private endpoints), key management, and SIEM/continuous monitoring. Understanding of CUI handling (DoDI 5200.48) and the DoD Cloud Computing SRG impact levels. DoD 8140/8570-compliant certification for the ISSE role (e.g., CISSP, CASP+, or equivalent). Strong technical writing and the ability to produce assessor-ready evidence. Ability to carry security engineering and authorization across multiple environments on a lean, senior team. Candidates must have and maintain an active TS/SCI clearance with the Department of Defense., Direct experience accrediting workloads in Azure Government or classified Azure environments. Experience with cross-domain solutions (CDS) and the SABI/TSABI process, or supporting a data-transfer accreditation. Experience standing up continuous monitoring with Microsoft Sentinel and integrating with a designated CSSP. Familiarity with securing containerized workloads (AKS, hardened images, image signing/scanning). Experience with AI/LLM security controls (data-residency, scope-bound retrieval, prompt-injection defense) in a governed environment. ISSM or RMF assessor experience; CISSP-ISSEP.

Benefits & conditions

HyerTek offers a comprehensive benefits package, including: Medical, dental, and vision insurance 401(k) with employer contribution Paid time off (PTO) and company holidays Flexible work arrangements Professional development and certification support Employee assistance program (EAP) Life and disability insurance

Salary Range $140,000 - $155,000 annually, depending on experience and clearance status.

Equal Employment Opportunity (EEO) HyerTek is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, or any other protected status.

Apply for this position