Senior Security Risk Management Engineer

Senior Security Risk Management Engineer Dexian Government Solutions is recruiting for a Senior Security Risk Management Engineer to support our proposal effort for the DHS CIETS in DC Metro area. Position Overview Serves as the senior technical lead for Risk Management Framework (RMF) implementation, Assessment & Authorization (A&A), security control implementation, enterprise risk analysis, and cybersecurity compliance engineering. This position bridges the gap between cybersecurity engineering, governance, and authorization activities, ensuring systems achieve and maintain authorization while managing risk across the DHS I&A enterprise. Job Duties Provides technical leadership for: Assessment & Authorization (A&A), Security control implementation, Security architecture risk analysis, Risk assessment and mitigation, Security engineering support to system owners. Serves as the senior technical advisor helping DHS I&A understand, document, assess, and manage cybersecurity risk across classified and unclassified environments. RMF and Authorization Support Lead execution of RMF activities across assigned systems. Develop and maintain authorization documentation. Support ATO, ATC, and ongoing authorization activities. Ensure security controls are properly implemented and documented. Coordinate with ISSOs, ISSMs, SCAs, and Authorizing Officials throughout the authorization lifecycle. Assist in preparing and maintaining authorization packages. Security Risk Assessment Conduct cybersecurity risk assessments. Analyze technical, operational, and architectural risks. Identify system vulnerabilities and control deficiencies. Evaluate likelihood and impact of identified risks. Recommend compensating controls and corrective actions. Security Control Engineering Evaluate implementation of NIST, CNSSI, DHS, and Intelligence Community security controls. Validate technical control implementation. Assess effectiveness of security safeguards. Support remediation of control weaknesses. Ensure security requirements are incorporated into system designs and architectures. Continuous Monitoring Support Review vulnerability assessment results. Analyze POA&M status and remediation activities. Monitor ongoing compliance with authorization requirements. Track risk trends and emerging cybersecurity concerns. Enterprise Risk Management Support enterprise cybersecurity risk management activities. Evaluate cross-system and enterprise-wide risks. Provide recommendations regarding risk acceptance and mitigation. Assist Government leadership in understanding aggregate cybersecurity risk. Engineering Reviews and Technical Assessments Conduct technical reviews of system architectures. Assess proposed system changes for security impact. Evaluate cloud security implementations. Support modernization initiatives and technology assessments. Participate in architecture review boards and engineering reviews. Audit and Compliance Support Support OIG, FISMA, JCIP, and other cybersecurity inspections. Provide technical evidence supporting compliance assessments. Respond to audit findings and corrective action requirements. Assist in maintaining audit readiness across the portfolio. Stakeholder Interaction Chief Information Security Officer (CISO) Authorizing Officials (AOs) ISSMs ISSOs Security Control Assessors (SCAs) Security Engineers System Owners Governance and Compliance personnel Required Qualifications At least 2 years of recent experience in each of the following areas: A&A, FISMA compliance, IC cybersecurity policy and standards, continuous monitoring, CDS, and secure cloud and hybrid engineering, with a total of at least 10 years total of related experience. Experience in emerging and evolving security risk management practices including automating A&A and continuous monitoring activities. Experience applying NIST 800 series and CNSSI 1253 security controls and risk management framework principles and guidance. Certification Requirements CISM + CAP or GRC Clearance Requirements TS/SCI with CI Polygraph Benefits Our robust benefits package includes Open Paid Time Off, 11 Federal Paid Holidays & 5 Paid Sick Days, Company-paid Life/AD&D, Company-paid Short Term and Long-Term Disability, Health Insurance with Company Contribution, 401k Plan with Company Match, Employee Recognition Program, opportunity for Employee Referral Bonus, opportunity for annual Performance Bonus and much more! EEO Statement Dexian Government Solutions is proud to be an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided based on qualifications, merit, and business need. All applicants will be considered for employment without attention to race, religion, color, national origin, ancestry, physical or mental disability, medical condition, pregnancy (including childbirth, lactation and related medical conditions), marital status, genetic information (including characteristics and testing), gender, sexual orientation, gender identity or expression, military and veteran status, or any other status protected under federal, state, or local law in the locations where we operate. If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Human Resources. The Company invites any applicant and/or employee to review the Company's written AffPlan. This role requires an active Top Secret Security Clearance, customer approval, and successful completion of a pre-employment background screening. #J-18808-Ljbffr EmergencyMD