Senior Security Engineer

Oddball

💵 $110k-$155k
📍 Remote - Worldwide

Summary

Join Oddball, a company that values learning and growth, as a Senior Security Engineer to work on a pivotal Federal program impacting millions. Lead security engineering efforts to safeguard critical systems and data for veterans' healthcare and benefits. Collaborate with development teams to embed security into software lifecycles, ensure compliance with federal standards, and support the ATO process. Your responsibilities will encompass security architecture, risk management, monitoring, and continuous compliance across various environments. You will also provide mentorship and technical guidance to junior engineers. Oddball offers a fully remote work environment, an annual stipend, a comprehensive benefits package, a 401k plan, and flexible PTO.

Requirements

  • Proven experience collaborating with application teams on secure software development practices
  • Strong familiarity with the full ATO lifecycle and RMF process, including documentation and continuous monitoring
  • Deep understanding of NIST SP 800-53, FISMA, FedRAMP, and HIPAA regulatory frameworks
  • Proficiency in securing cloud platforms such as AWS GovCloud and Azure Government
  • Experience with vulnerability management and scanning tools (Nessus, ACAS)
  • Familiarity with Security Information and Event Management (SIEM) platforms and log analysis (e.g., Splunk, ELK Stack)
  • Solid scripting/automation skills (e.g., Python, PowerShell, Bash, GHA) for implementing security controls
  • Excellent communication skills for cross-functional collaboration and stakeholder reporting
  • Must be a US Citizen and able to work domestically
  • Must be able to attain low-level security clearance
  • Bachelor's Degree

Responsibilities

  • Design and implement security controls and solutions across VA enterprise systems and applications
  • Partner with application development teams to integrate security requirements into design, development, and deployment cycles
  • Support and lead efforts related to obtaining and maintaining Authority to Operate (ATO), including development of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and control documentation
  • Conduct risk assessments, vulnerability scans, and threat modeling per NIST SP 800-53 and VA Handbook 6500
  • Actively participate in Agile/DevSecOps pipelines to ensure security is applied throughout the CI/CD lifecycle
  • Respond to security incidents, investigate anomalies, and coordinate with Cybersecurity Operations Center (CSOC) and stakeholders for resolution
  • Implement and maintain monitoring and detection tools (e.g., Splunk, ACAS, Nessus) to support continuous diagnostics and mitigation (CDM)
  • Ensure systems comply with FISMA, HIPAA, FedRAMP, and VA-specific security requirements
  • Review and assess third-party solutions for compliance and integration into VA's secure architecture
  • Provide mentorship and technical guidance to junior engineers and ensure knowledge sharing across teams

Preferred Qualifications

  • CISSP, CAP, CEH, CISM, or other DoD 8570 baseline certifications
  • Experience with VA Electronic Health Record system (EHR) modernization or other large-scale federal application environments

Benefits

  • Fully remote
  • Annual stipend
  • Comprehensive Benefits Package
  • Company Match 401(k) plan
  • Flexible PTO, Paid Holidays
