Security Engineer

Join our team at Core One! Our mission is to be at the forefront of devising analytical, operational and technical solutions to our Nation's most complex national security challenges. In order to achieve our mission, Core One values people first! We are committed to recruiting, nurturing, and retaining top talent! We offer a competitive total compensation package that sets us apart from our competition. Core One is a team-oriented, dynamic, and growing company that values exceptional performance!

Clearance Required: Active TS/SCI with Polygraph

We are seeking a Senior Security Engineer to support cybersecurity operations, compliance, and risk management for FedRAMP-authorized and Intelligence Community (IC) systems. This role is responsible for ensuring systems meet stringent federal security requirements while enabling secure, scalable, and compliant cloud and on-premises solutions.

The ideal candidate brings deep expertise in NIST frameworks, FedRAMP authorization processes, continuous monitoring (ConMon), cloud security, incident response, and ATO lifecycle management, along with the ability to operate effectively within classified and high-security environments.

The Senior Security Engineer serves as the primary cybersecurity technical authority supporting system engineering, cloud architecture, DevSecOps pipelines, compliance initiatives, and operational security monitoring.

• →Lead and support FedRAMP Moderate/High and IC ATO authorization efforts, ensuring compliance with NIST RMF, NIST 800-53, NIST 800-37, FedRAMP, and ICD 503 requirements.
• →Conduct risk assessments, security control assessments, gap analyses, and security architecture reviews to identify and mitigate cybersecurity risks.
• →Manage the full Risk Management Framework (RMF) lifecycle, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
• →Develop and maintain security documentation such as SSPs, SARs, POA&Ms, and control traceability artifacts, while tracking remediation activities.
• →Execute Continuous Monitoring (ConMon) programs through vulnerability assessments, compliance reviews, security control validation, and reporting.
• →Lead vulnerability management activities using tools such as Nessus, ACAS, SCAP, and STIG Viewer, validating remediation and coordinating risk mitigation efforts.
• →Support Security Operations and Incident Response, including threat monitoring, alert analysis, incident investigations, root cause analysis, and coordination with SOCs and government stakeholders.
• →Design and assess security controls for AWS GovCloud, Azure Government, and other government cloud environments, implementing IAM, encryption, logging, and least-privilege access controls.
• →Integrate security into DevSecOps and CI/CD pipelines through automated security testing, vulnerability scanning, compliance validation, and Infrastructure-as-Code security practices.
• →Support audits and assessments, including 3PAO reviews, FedRAMP assessments, agency ATO reviews, and IG audits, while preparing evidence and coordinating with auditors and assessors.
• →Administer and utilize governance, compliance, monitoring, and vulnerability management tools such as ServiceNow GRC, Splunk, and Azure.
• →Collaborate with developers, engineers, cloud architects, ISSOs/ISSMs, compliance teams, and government stakeholders to provide cybersecurity guidance throughout system development and operations.
• →Contribute to security governance, policy development, cybersecurity program maturity, and organizational security culture, while mentoring junior staff and promoting risk-informed decision-making.

• Active TS/SCI with Polygraph
• Bachelor's degree or higher in Cybersecurity, IT, or related field and 5+ years' experience in Cybersecurity in federal or IC environments
• OR Masters and 3+ years of experience in Cybersecurity in federal or IC environments
• Strong Knowledge of NIST RMF (800-37), NIST 800-53 controls, and FedRAMP requirements
• At least one of the following certifications: CISM or CISA, CompTIA Security+ (baseline), Certified Authorization Professional (CAP), CCSP (cloud security)
• Experience in the following tools: NIST 800-53, RMF, FedRAMP, ICD 503, ServiceNow GRC, Splunk, AWS GovCloud, Azure 

• Experience with cloud-native security tools
• Knowledge of Zero Trust Architecture
• Experience with cross-domain solutions
• Familiarity with DevSecOps pipelines in regulated environments

Core One is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

__PRESENT

__PRESENT__PRESENT__PRESENT__PRESENT__PRESENT__PRESENT