Compliance and Security Engineer

Job Description

Job Description

You've stumbled upon the rare B Corp government contractor!

At TCG, we aim to prove that businesses can be good to their employees and responsible to their community while being profitable. We're an award-winning IT solutions provider to the Federal government seeking a Compliance and Security Engineer to join our project team at a major Federal agency.

The Compliance and Security Engineer will collaborate with operational teams and the Chief Information Officer (CIO) to uphold the security posture and ensure the implementation and maintenance of security controls in compliance with security plans and regulations. This role offers the unique opportunity to develop both Information Security Officer and Systems Engineering skills, eventually transitioning into a mid-level engineering position with a focus on technical work.

US Citizenship is required for this role. In addition, the selected applicant must submit to a government background investigation and be favorably adjudicated before their first day.

While primarily remote, this position may require occasional on-site meetings. The selected candidate must live within commuting distance of Washington, D.C.

RESPONSIBILITIES :

• Conduct scheduled vulnerability scans with Nessus, Tenable, and Qualys across Windows, Linux, and container platforms; analyze results, document findings, and create POA&M entries to drive remediation planning.
• Operate enterprise SIEM solutions (Splunk, ArcSight, QRadar, etc.), correlating alerts, performing root‑cause investigations, and executing incident containment and closure in accordance with NIST 800‑61.
• Draft, maintain, and update System Security Plans (SSPs), Risk Assessment Reports, POA&M logs, and System Requirements Traceability Matrices (SRTMs) to ensure alignment with NIST 800‑53 Rev 5 and FISMA mandates.
• Generate compliance dashboards and report status to leadership.
• Assist in the design, implementation, and testing of NIST 800‑53 controls (e.g., Access Control, System & Communications Protection, Identification & Authentication).
• Participate in periodic control assessments, including pre-penetration test reviews, to validate the security posture.
• Administer and optimize monitoring stacks; fine‑tune alert thresholds, develop custom probes, and deliver concise "quick‑look" reports to stakeholders.
• Harden operating systems (Windows, RHEL / CentOS, Ubuntu) and container images, applying CIS Benchmarks and conducting baseline compliance scans.
• Review source code snippets (Python, Ruby, Java) for OWASP and CIS guideline violations; recommend secure coding practices.
• Automate repetitive security tasks using lightweight scripts (Python, Bash) to increase efficiency and reduce human error.
• Collaborate with DevSecOps teams to embed security controls throughout CI / CD pipelines (Jenkins, GitLab, Azure DevOps), ensuring secure deployment of applications.
• Provide expert guidance to developers on secure coding, threat modeling, and testing methodologies.
• Mentor junior analysts on monitoring, logging, and documentation best practices.
• Author internal knowledge‑base articles, develop training materials, and conduct short workshops to elevate team capability.

REQUIRED SKILLS & EXPERIENCE :

PREFERRED SKILLS & EXPERIENCE :

EDUCATION :

TCG does not discriminate based on race, sex, color, religion, national origin, age, disability, caste, or veteran status.

Our B Corp mission is reflected in our benefits, including offerings like health care, 401K, parental leave, adoption assistance, financial planning services, student loan repayment assistance, and training budget. There's more; see for yourself.

TCG is recognized for treating employees well. In fact, in 2025, The Washington Post named TCG as a "Top Workplace" for the eleventh straight year based on how our employees feel about the company, the benefits TCG offers, and the work / life balance that our staff achieves. In the Washington Post Top Workplace survey, our CEO was ranked best by TCG employees' votes among all midsize companies.

Try us ... we'll make you happy.

Internal title / grade : System Engineer, E2

Salary Range : $95,000 - $120,000

All individuals being hired to work for TCG must submit to, and successfully pass, a pre-employment background investigation prior to reporting for their first day of work. The pre-employment background investigation will include verification of employment and education, as well as, a criminal and DMV check.

Additional documentation and background checks will also be required for positions that require clearance from the Federal government.

Job Posted by ApplicantPro