Security Engineer

Guidehouse is a consulting firm that provides services to federal government clients, and they are seeking a Security Engineer to support security operations, compliance, and risk management activities. This role involves ensuring adherence to federal cybersecurity requirements while enhancing the security posture of mission-critical client systems.

Responsibilities:

• Support cybersecurity and information assurance activities for client systems in accordance with federal security standards and organizational policies
• Conduct vulnerability management and assessment activities across applications, operating systems, databases, cloud, and network environments using tools such as Tenable and Qualys
• Analyze, validate, and prioritize vulnerability findings, coordinating remediation efforts with system owners, engineers, and operations teams
• Support Risk Management Framework (RMF) activities, including implementation, assessment, and continuous monitoring of security controls
• Maintain and update RMF artifacts including POA&M entries, security documentation, and system authorization materials
• Monitor system and network security events and logs to identify potential threats, misconfigurations, and compliance issues
• Evaluate technical and policy-based security controls aligned with NIST SP 800-53, FISMA, FedRAMP, and related federal guidance
• Support cloud security operations and monitoring efforts within AWS environments, leveraging native security services
• Document security findings, remediation recommendations, and compliance activities to support audits and leadership reporting
• Collaborate closely with developers, system administrators, architects, SOC teams, and government stakeholders to improve overall system security
• Participate in incident response, vulnerability remediation validation, and continuous monitoring initiatives

Requirements:

• Bachelor's degree. Additional Four (4) years of exp can be used in lieu of degree
• Minimum of Two(2) years of experience
• Experience supporting federal Security programs
• Hands-on experience with vulnerability scanning and analysis tools such as Tenable, Qualys, or similar platforms
• Working knowledge of RMF processes, NIST security controls, and federal compliance requirements
• Experience securing and supporting Windows, Linux/UNIX, and cloud-based systems
• Strong technical writing, documentation, and communication skills
• Ability to analyze complex security issues and communicate risk clearly to both technical and non-technical stakeholders
• U.S. Citizenship required
• Must be able to obtain Public Trust Clearance
• Prior experience supporting Federal Government Agency systems
• Experience with AWS security services (e.g., GuardDuty, CloudTrail, Audit Manager)
• Professional cybersecurity certifications such as Security+, CISA, CEH, AWS Security Specialty, or equivalent
• Experience supporting continuous monitoring, ATO renewals, or FedRAMP-aligned systems
• Familiarity with zero trust concepts, identity and access management, and secure network architectures