Talent.com
Senior Cybersecurity Engineer - Compliance & Risk Management
Human Resources Research Organization • Alexandria, VA, US
30+ days ago
Job type
  • Full-time
Job description


The Human Resources Research Organization (HumRRO) is a non-profit leader in developing high-impact services and products in the arenas of employment, military, student testing, and professional credentialing and licensure. We work with federal and state government agencies, private sector organizations, and professional associations.

About the Organization

As a non-profit, HumRRO is dedicated to work that contributes to science and society. Our employees enjoy a highly collaborative and supportive environment that fosters innovation, ethical practice, and outstanding customer service. Our core operational staff includes Industrial-Organizational Psychologists, Educational Researchers, and Behavioral Science Consultants. We are committed to supporting a diverse workforce and to practicing equity and inclusion for all staff.

About the Job

We are seeking a Senior Cybersecurity Engineer to lead our enterprise compliance and security programs across federal, state, and private sector engagements. This role manages multiple compliance frameworks including CMMC, FedRAMP, SCRM, NIST 800-171/53, and ISO 27001:2022 regulatory requirements. You will work on compliance standards across hybrid cloud environments while leading a team of junior engineers conducting vulnerability assessments and security scanning operations. A significant portion of this role involves creating security documentation, developing compliance policies, responding to time-critical security requirements from clients, and managing third-party compliance audits.

As a Senior Cybersecurity Engineer, you will:

  • Lead enterprise cybersecurity compliance programs (CMMC, FedRAMP, SCRM, NIST frameworks, ISO 27001:2022)
  • Manage monthly compliance reporting and KPI dashboards for executive leadership
  • Coordinate third-party compliance audits (NIST 800-171, CMMC, ISO 27001, FedRAMP) and remediation activities
  • Maintain compliance evidence catalogs and SaaS compliance implementation controls
  • Evaluate and implement security controls across software applications and cloud platforms (AWS, Azure, and Office 365)
  • Oversee Risk Management Framework (RMF) processes for government contract organizations as well as applications in the DoD space (ATO/IATT/IATO documentation)
  • Conduct weekly Plan of Action and Milestone (POA&M) reviews and monthly security assessments
  • Develop and maintain security policies, procedures, and technical standards
  • Lead vulnerability management programs & conduct security assessments and penetration testing coordination
  • Manage business continuity of operations (COOP) program including disaster recovery and crisis management plans
  • Lead incident response and security event investigation
  • Mentor and manage junior cybersecurity engineers and analysts
  • Interface with federal agencies, auditors, and compliance assessors
  • Work with system architects on security requirements for existing cloud workloads, cloud migrations, and/or hybrid environments
  • Facilitate and oversee completion of all customers' cyber security questionnaires and qualifications with time-critical deadlines
  • Coordinate with HumRRO Contracts Division on written responses to RFPs regarding IT security, controls, data privacy and regulatory compliance
  • Assist with implementation and administration of cybersecurity supply chain risk management (C-SCRM) program
  • Develop compliance documentation and security narratives for proposals
  • Support business development with technical security expertise
  • Serve as subject matter expert on internal security controls and regulations

Minimum Requirements:

  • US Citizen with ability to obtain/maintain security clearance
  • Work on-site at Alexandria, VA (up to 2 remote days possible after 90-day introductory period)
  • Bachelor's degree in Cybersecurity, Computer Science, or equivalent field. Work experience may be considered in lieu of degree
  • 7+ years of cybersecurity engineering and compliance experience
  • 5+ years of enterprise experience managing Risk and Compliance efforts including multiple regulatory and standard security frameworks
  • Existing Security+ certification or the ability to obtain within 6 months (CISSP, CCSP, or CISM preferred)
  • Deep expertise in NIST 800-171, 800-53, RMF, and DoD compliance frameworks
  • Hands-on experience with CMMC and FedRAMP authorization processes
  • Proficiency in Office 365 security configuration and management
  • Experience with vulnerability scanning tools (e.g. ACAS, Nessus, Rapid7, Qualys or equivalent)
  • Strong analytical and information gathering skills with ability to work multiple tasks simultaneously under short deadlines
  • Excellent communication skills for stakeholder engagement

Preferred:

  • Active DoD clearance
  • Experience in the nonprofit sector managing IT or related activities
  • CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA)
  • Experience with FedRAMP 3PAO assessments
  • Knowledge of Supply Chain Risk Management (SCRM) frameworks
  • AWS certifications (Solutions Architect, Security Specialty preferred)
  • Experience with DevSecOps pipeline integration and IaC
  • CISSP, CCSP, CISM, or CISSP-ISSAP certifications
  • Knowledge of DoD STIG implementation and automated compliance tools
  • Federal contracting and audit experience
  • Experience with Atlassian suite (Jira, Confluence)
  • Experience with eMASS package development and continuous monitoring activities
  • Experience with STIG implementation and SCAP compliance validation
  • Experience with bi-annual COOP testing and crisis management plan development
  • Leadership experience managing technical teams
  • People management experience is a plus

The anticipated salary for this role is $100,000 to $155,000. Specific salary offers are based on candidate qualifications and experience.

Benefits:

  • Health, dental and vision insurance
  • Life insurance equal to 2x annual salary
  • Retirement plan with company matching
  • Paid professional development and certification maintenance
  • Tuition reimbursement
  • 12 weeks of paid parental leave
  • Generous paid time off and 10 paid holidays

All qualified applications will receive consideration without regard to race, color, religion, sex, national origin, age, marital status, sexual orientation, veteran status, medical condition, or disability. EEO / Vet / Disabled.

Named one of "50 Great Places to Work" by Washingtonian magazine and one of "Top Workplaces" by The Washington Post.
