Senior Cybersecurity Engineer- Hybrid Alexandria, VA

Senior Cybersecurity Engineer- Compliance & Risk Management

This role is responsible for managing multiple regulatory frameworks—CMMC, FedRAMP, SCRM, NIST 800-171/53, and ISO 27001:2022—across hybrid cloud environments. You will lead a small team of junior engineers performing vulnerability assessments and security scanning, build and maintain security documentation and policies, respond to time-sensitive client security requests, and coordinate third-party audits.

The company is located in Alexandria, VA and will be a hybrid model of 3 days onsite a week.

What You Will Be Doing:

• Lead enterprise cybersecurity compliance programs (CMMC, FedRAMP, SCRM, NIST frameworks, ISO 27001:2022).
• Own monthly compliance reporting and KPI dashboards for executive leadership.
• Plan, coordinate, and support third-party audits (NIST 800-171, CMMC, ISO 27001, FedRAMP), including follow-up remediation activities.
• Maintain and organize compliance evidence repositories and SaaS-based control implementations.
• Evaluate, recommend, and implement security controls across AWS, Azure, and Office 365 environments and supported applications.
• Oversee Risk Management Framework (RMF) processes for government contracts and DoD-facing applications (including ATO/IATT/IATO documentation).
• Run weekly POA&M reviews and monthly security assessments.
• Develop, update, and enforce security policies, procedures, and technical standards.
• Lead vulnerability management efforts and coordinate security assessments and penetration testing.
• Manage the business continuity/COOP program, including disaster recovery and crisis response planning.
• Direct incident response activities and lead investigations of security events.
• Mentor, coach, and manager of junior cybersecurity engineers and analysts.
• Serve as a primary interface with federal agencies, auditors, and compliance assessors.
• Collaborate with system architects to define and implement security requirements for existing workloads, cloud migrations, and hybrid environments.
• Own completion of customer cybersecurity questionnaires and due diligence requests under tight deadlines.
• Partner with the Contracts division on RFP responses related to IT security, controls, data privacy, and regulatory compliance.
• Support implementation and ongoing management of the cybersecurity supply chain risk management (C-SCRM) program.
• Develop compliance documentation and security narratives for proposals and business development efforts.
• Act as a subject matter expert on internal security controls, frameworks, and regulations.

Required Skills & Experience:

• Bachelor’s degree in Cybersecurity, Computer Science, or a related discipline; equivalent experience may be considered in lieu of a degree.
• 7+ years of experience in cybersecurity engineering and compliance.
• 5+ years of enterprise experience leading risk and compliance initiatives involving multiple security frameworks.
• Security+ certification (or ability to obtain within 6 months); CISSP, CCSP, or CISM preferred.
• Deep, hands-on experience with NIST 800-171, NIST 800-53, RMF, and DoD compliance frameworks.
• Practical experience with CMMC and FedRAMP authorization processes.
• Proficiency with Office 365 security configuration and administration.
• Experience with vulnerability scanning platforms (e.g., ACAS, Nessus, Rapid7, Qualys, or similar).
• Strong analytical, investigative, and information-gathering skills and the ability to manage multiple concurrent tasks under tight deadlines.
• Excellent written and verbal communication skills for engaging stakeholders at all levels.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.