Search all jobs
Browse jobsSuitland, MD › Lead Security Engineer

Lead Security Engineer

Devtechnology · Suitland, MD · Posted Jun 30, 2026

Apply on company site   Track it in JobSkout

Lead Security Engineer, #1073

Security Requirement: U.S. Citizenship required

Work Location: Suitland, MD

We are seeking a Subject Matter Expert (SME)–level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.

What You'll be Doing:

Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC

Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture)

Integrate security into DevSecOps CI/CD pipelines , establishing security gates, automated code inspection, and supply-chain controls, including Software Bill of Materials (SBOM) generation

Direct Static and Dynamic Application Security Testing (SAST/DAST) , vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses

Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment

Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA M) management

Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53 , and remediate identified vulnerabilities and compliance findings

Design and implement secure architecture patterns — secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management

Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time

Support the development and management of Interagency Security Agreements (ISA) , security playbooks, and incident response in accordance with current cybersecurity policies

Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams

Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable

Required Education, Experience, and Skills:

Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field

15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level)

Certified Information Systems Security Professional (CISSP)

Certified Cloud Security Professional (CCSP)

Demonstrated expertise in integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing

Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework

Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications

Experience supporting the ATO lifecycle and managing POA Ms, security artifacts, and evidence collection

U.S. Citizenship required

Preferred Skills and Experience:

Certified Information Security Manager (CISM)

Certified Information Systems Auditor (CISA)

Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls

Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration

Experience in large-scale, multi-cloud federal environments and FedRAMP processes

Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders

Our estimated salary range for this position is $120,000 - $190,000; this presented salary range is not a guarantee of compensation or salary. Offered salary is based on experience, geographic location, and possibly contractual requirements as appropriate to the role. *Salary could fall outside of this range.

Who We Are

Dev Technology is a growing IT company with an employee-centric culture that works on mission-critical projects for …

Apply on company site