By Light HQ

System Security Engineer

Job Locations US-Remote
Posted Date 4 days ago(1/13/2022 5:45 PM)
# of Openings
IT Support
Tier 2 - Moderate Risk (Public Trust)


By Light is looking for an experienced Systems Engineer to provide support to our client at the Department of Health and Human Services. The right candidate should be able to work within a team or independently to help support and improve the security posture of


  • The candidate shall ensure the system adheres to all applicable federal and agency regulations, policies, standards and requirements with regards to IT system security, privacy, and compliance.
  • The candidate shall manage the security-related processes required for obtaining an ATO for the system.
  • The candidate shall support and facilitate the security control assessment activities including participating in interviews, providing evidence of implementation of controls, and providing support for systems and platforms verification scans.
  • The candidate shall analyze and remediate any security findings (POA&Ms) in order to obtain the ATO.
  • The candidate shall ensure the confidentiality, reliability, integrity, availability, and performance of the system.
  • The candidate shall perform information security risk management, vulnerability management, incident response, disaster recovery and data backup planning and operations.
  • The candidate shall deliver Security Documentation as required by federal standards and directed by the client, including any documentation required for ATO or on-going authorization: the System Security Plan, Incident Response Plan, Configuration Management Plan, Contingency Plan, HW/SW list, and Contingency Plan Test Results.
  • Help product engineering teams adopt and integrate security capabilities into their product and software development lifecycles
  • Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack.
  • Support definition of Secure SDLC standard to include security architecture, design and coding requirements for infrastructure, application and data to align with application security maturity model and adopt a shift-left approach for security.
  • Evaluate various application security tools including SAST, DAST, SCA, IAST and Pen Testing and operationalize security tools for integration with CI/CD.
  • Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
  • Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.

Required Experience/Qualifications

  • College degree or equivalent hands-on experience
  • 3 to 5 years as a Security Engineer supporting a large application with a DR site
  • Experience working in a government environment
  • Excellent communication skills
  • Experience working through the process of obtaining and maintaining an ATO
  • Security related training and certifications
  • Experience using security tools such as Fortify, WebInspect, FindSecBugs, Checkstyle, PMD, Wireshark, nmap, ThreadFix, SD Elements
  • Experience with DevSecOps

Special Requirements/Security Clearance

Position requires the ability to obtain a Public Trust clearance.


Position requires proof of full Covid-19 vaccination status or a qualified exemption.
