Cybersecurity Engineer - Clearance Required

Responsibilities

• Direct RMF activities for the LIGER deployment at CBP, covering system categorization, control selection and tailoring, implementation, assessment, and ongoing monitoring
• Own and upkeep authorization artifacts such as the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and related documentation aligned to CBP and DHS requirements
• Collaborate directly with CBP ISSOs, Authorizing Officials, and cyber working groups to advance ATO and continuous authorization efforts
• Translate NIST 800-53 controls for the LIGER platform into concrete engineering requirements
• Perform and review vulnerability scans across CI/CD pipelines and runtime environments, triage findings, and lead remediation with the engineering team
• Validate secure configurations and hardening baselines (CIS Benchmarks, DISA STIGs) for containers, hosts, and cloud resources
• Collaborate with platform engineers on cloud and container security in AWS GovCloud, including IAM, network controls, secrets management, logging, and runtime protection
• Develop and maintain security policies, procedures, and SOPs for LIGER on CBP infrastructure
• Track audit findings, remediation actions, and POA&M items to closure
• Support FedRAMP aligned control implementation and inheritance where applicable
• Advise senior LIGER and CBP leadership on system risk levels, control effectiveness, and evolving compliance considerations for AI/LLM systems in federal environments

Requirements

• Active Secret clearance and the ability to obtain a CBP Background Investigation; U.S. citizenship required
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or a related field
• 5+ years designing, implementing, and monitoring cybersecurity solutions in federal environments
• 5+ years of hands-on RMF experience, including ATO development and continuous monitoring against NIST 800-53
• CISSP, CISM, or equivalent senior-level cybersecurity certification
• Strong working knowledge of cloud security, particularly AWS, with GovCloud or similar high-compliance environments
• Experience with vulnerability management workflows: scanning, triage, remediation tracking, and reporting
• Experience hardening systems to secure baselines such as CIS Benchmarks or DISA STIGs
• Familiarity with secure software development practices: secrets management, access control, auditability, and CI/CD pipeline security
• Strong written communication skills, including the ability to produce ATO artifacts that withstand assessor and AO review
• Ability to translate compliance requirements into concrete engineering work and partner closely with developers

Technologies

• AWS GovCloud
• CIS Benchmarks
• DISA STIGs
• GitLab CI/CD
• Tenable
• Xacta
• OpenRMF
• Kubernetes
• EKS

Overview

We are seeking a Cybersecurity Engineer to enable secure deployment and ongoing authorization of LIGER, an enterprise AI platform built for federal missions, within CBP environments. Join a small, high-visibility team and own the security work that keeps LIGER in production at CBP: maintaining the ATO posture, driving vulnerability management, and coordinating with CBP cyber stakeholders to preserve compliance as the platform evolves.

What will set you apart

• Active CBP Background Investigation or prior CBP/DHS program support
• Direct experience supporting ATO or continuous authorization for systems hosted at CBP, DHS, or another DHS component
• Familiarity with DHS 4300A and CBP-specific cybersecurity policies and processes
• FedRAMP readiness or assessment experience (Moderate or High)
• Hands-on container and Kubernetes security experience (EKS, image scanning, admission control, runtime protection)
• DevSecOps experience integrating security scanning into GitLab CI/CD pipelines
• Experience securing LLM, GenAI, or agentic AI systems, including data handling, prompt and tool-call risk, and model output controls
• Experience with vulnerability management platforms such as Tenable
• Experience with ATO documentation tooling (Xacta, OpenRMF, or similar)
• Familiarity with CISA Binding Directives, CDM, or High Value Asset program requirements

Target Salary Range

USD 111,427 - 200,000 per year

Disclaimer: The salary range shown represents the typical range for this position and is not a guarantee of compensation. Individual salaries are determined by factors including location, internal equity, client contract requirements, and candidate qualifications such as education, experience, skills, and security clearances.