Senior Cybersecurity Engineer I

Summary

Join MetroStar as a Sr. Cybersecurity Engineer I and implement security controls and best practices to enhance the security posture of enterprise applications. Collaborate with development and engineering teams on modernization efforts and compliance assessments across various platforms. You will design and implement security solutions, automate tasks, and ensure compliance with federal standards. This role requires an active Top Secret clearance, a Bachelor's degree, and 5+ years of experience in cybersecurity engineering within federal environments. Specific certifications and hands-on experience with various tools and systems are also needed. MetroStar offers a generous benefits package, professional growth opportunities, and a supportive work environment.

Requirements

• An active Top Secret security clearance or higher
• Bachelor’s degree in Computer Science, Cyber Security, Information Systems, or a related field
• Minimum 5 years of experience in cyber security engineering in federal environments
• CompTIA Security+ and at least one additional security certification, such as CISSP, SSCP, GSEC, etc
• Hands-on security engineering experience with at least one of the following tools/systems/environments: ServiceNow
• .NET applications
• WordPress applications
• Azure/GCP/AWS
• UiPath
• Unqork
• GitLab
• Atlassian suite
• Strong proficiency in providing security engineering support in the context of Agile practices and DevSecOps frameworks
• Demonstrated expertise with at least some modern DevSecOps and security best practices, such as IaC, SAST/DAST/IAST, continuous monitoring, containerized applications, serverless architectures, etc

Responsibilities

• Collaborate with application development, platform engineering, and customer engagement teams to review security implications for change requests and proposed enhancements
• Configure security controls and best practices in accordance with applicable federal standards (e.g., NIST SP 800-53 rev. 5) and system/application-specific best practices (e.g., ServiceNow platforms, .NET applications, GitLab deployments, etc.)
• Contribute proactively to a close-knit, mission-driven security team to identify and mitigate risks to the customer’s broader system portfolio and critical assets
• Identify, design, and implement solutions to improve security across the application portfolio with DevSecOps best practices, including SAST/DAST/IAST, IaC, robust vulnerability scanning, near-real-time threat detection, etc
• Automate repeated tasks and core security functions to strengthen baseline posture and improve operational efficiency, using available low-code/no-code and RPA toolsets
• Improve data collection, threat analysis, and continuous monitoring mechanisms to provide standardized insights into critical security indicators to security peers and government leadership through dashboards, reports, alerts, etc
• Collaborate with compliance officers, government leadership, and development teams to ensure compliance with federal security standards such as NIST 800-53, FedRAMP, and FISMA
• Support ongoing compliance activities to achieve and maintain ATOs for assigned systems, including implementation support to move systems to the Department’s Ongoing Authorizations (OA) program
• Implement data-driven and automated mechanisms to identify security risks or compliance issues for proactive remediation

Benefits

• Generous benefits package
• Professional growth
• Valuable time to recharge