Responsibilities
- Guide the creation and deployment of security frameworks, tools, and practices throughout all stages of software development
- Apply Zero Trust principles to protect applications, workloads, and data in compliance with EO 14028, OMB M-22-09, and NIST SP 800-207
- Embed security into DevSecOps pipelines by enabling automated code analysis, security checkpoints, and software supply chain safeguards, including SBOM generation
- Oversee static and dynamic application security testing, vulnerability evaluations, and penetration tests to detect, assess, and resolve flaws
- Conduct threat modeling to uncover potential attack paths and define countermeasures during design, coding, testing, and deployment phases
- Assist in achieving and maintaining Authorization to Operate by evaluating controls, gathering evidence, supporting privacy analyses, and managing POA&Ms
- Enforce security controls based on the NIST Cybersecurity Framework and NIST SP 800-53, addressing gaps and compliance issues
- Build secure architectural patterns covering API security, access controls, data validation, encryption, logging, monitoring, and secure configuration practices
- Create and sustain performance indicators, dashboards, and reports to monitor security health, threat patterns, and remediation progress
- Contribute to Interagency Security Agreements, security runbooks, and incident response procedures aligned with current policy directives
- Partner with developers, data and systems engineers, and the Office of Information Security to address vulnerabilities and deliver expert guidance
- Support FedRAMP authorization efforts and respond to findings from independent penetration tests when required
Work Arrangement
Remote — Suitland, MD
Other
- U.S. Citizenship is required
- May involve supervisory responsibilities
- Position engages with senior Government officials and the Office of Information Security (OIS)
- Decisions and expertise can significantly influence program execution