Lead Security Engineer

Apply


Description

Lead Security Engineer

At B&A, we foster and embrace a distinct set of values that we live by and instill in all aspects of our organization: dedication, commitment, partnership, trust, and recognition. We have incorporated these values into successful delivery for our customers since 1988. B&A believes in ensuring its employees feel deeply connected to B&A, recognizing successes and hard work, and providing continuous opportunities to learn and grow. Our people are entrepreneurial thinkers that combine mindset, vision, and experience to drive value - not only to us as an organization, but to the clients we support. We promote a collaborative culture with our clients, and with each other, as one team working towards a common vision. We'd love for you to join our team!

Job Summary

We are seeking a Subject Matter Expert (SME)-level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program supporting the U.S. Census Bureau's Decennial Transformation and Application Modernization (DTAM) effort. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.

Responsibilities

• Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC, in compliance with U.S. Census Bureau (USCB) and Office of Information Security (OIS) policies
• Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture)
• Integrate security into DevSecOps CI/CD pipelines , establishing security gates, automated code inspection, and supply-chain controls including Software Bill of Materials (SBOM) generation
• Direct Static and Dynamic Application Security Testing (SAST/DAST) , vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses
• Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment
• Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management
• Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53 , and remediate identified vulnerability and compliance findings
• Design and implement secure architecture patterns - secure API design, authentication/authorization, input validation, encryption, secure logging and monitoring (SIEM), and secure error/session/configuration management
• Develop and maintain metrics, dashboards, and reporting to track application security posture, threat trends, and remediation progress over time
• Support the development and management of Interagency Security Agreements (ISA) , security playbooks, and incident response in accordance with current cybersecurity policies
• Collaborate with application developers, data engineers, systems engineers, and OIS to identify and mitigate vulnerabilities, and provide expert security consultation to development teams
• Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results, as applicable

Education and Experience

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field
• 15+ years of relevant IT/cybersecurity experience, providing technical and management leadership on major tasks or technology assignments (SME level)

Required Skills

• Demonstrated expertise integrating security into a DevSecOps SDLC, including CI/CD security gates and automated security testing
• Hands-on experience implementing Zero Trust Architecture and applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
• Proven experience leading vulnerability assessments, penetration testing, and threat modeling for enterprise applications
• Experience supporting the ATO lifecycle and managing POA&Ms, security artifacts, and evidence collection

Certifications

Required:

• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)

Desired:

• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

Desired Skills

• Experience generating Software Bill of Materials (SBOMs) and implementing software supply-chain security controls
• Familiarity with SIEM deployment, container/image hardening, and secure baseline configuration
• Experience in large-scale, multi-cloud federal environments and FedRAMP processes
• Strong analytical, problem-solving, written, and verbal communication skills, including the ability to brief senior Government stakeholders

Security Clearance

• U.S. Citizenship required

More About B&A:

Notable Clients
B&A has grown to be a company that is trusted by our clients for exceptional service, innovative solutions, and inspired employees. Our service extends through federal, state, and local Government, the private sector, and higher education. Some of our notable clients include Department of Homeland Security, U.S. Customs and Border Protection, U.S. Senate, U.S. Courts, U.S. Census Bureau, U.S. Navy, and more.

Benefits and Programs

B&A is proud to offer three robust individual and family medical plans to full time employees, including a Health Savings Account (HSA) option as well as two tiers of dental coverage, vision, life & AD&D, disability, accident, hospital indemnity, and critical illness insurance. In addition to these benefits, B&A employees enjoy paid time off, B&A sponsored trainings and certifications, pet insurance benefits, commuter transit benefits and a free subscription to a virtual exercise platform (NEOU). B&A's 401(k) plan is available to all employees and includes a company matching contribution.

B&A has launched several programs to focus on employee engagement, wellness, and assistance. These include:

• The B&A Cares program: 30/60/90-day wellness check ins, personal development, financial management, and stress management seminars, and more
• A formal mentorship program
• Job shadowing and cross training opportunities
• Brand Ambassador program
• Employee Assistance Program (EAP) - Access to various support resources to include counseling, legal guidance, financial planning, and more
• Monthly teambuilding events
• B&A Annual Wellness Challenges: #StepWithB&A, #WalkDuringLunchWithB&A, #VolunteeringWithB&A, #ExerciseDuringLunchWithB&A, and more

At B&A, we place significant importance on improving the communities and lives of citizens across the nation through our involvement, technology expertise, and employees. B&A puts an emphasis on charitable efforts in the Northern Virginia area, including Capital Area Food Bank pantry drives, book donations, Hope for Henry Foundation events, and many more. In recognition of all these efforts, B&A has been named a Companies as Responsive Employers (CARE) award recipient by Northern Virginia Family Services and nominated by the Northern Virginia Chamber of Commerce for Outstanding Corporate Citizenship Award.

EEO

B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A's offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work-related activities.

EEO is the Law

B&A participates in e-Verify. We provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS) with information from each new employee's I-9 Form to confirm work authorization.