Return To Search

Lead Security Engineer

Location: McLean, VA

Company: Revolutional, LLC

Category:

Job Description Apply Now

Lead Security Engineer

Location: Suitland, MD (Hybrid)

Terms: Full-time

Clearance/Work Authorization: U.S. Citizenship with the ability to obtain and maintain a Public Trust is required

Travel: 0-20%

Project Description

This position supports Revolutional’s federal customer as part of an application transformation and modernization initiative.

This program is driving a large-scale transformation of systems into a data-centric, cloud-native ecosystem capable of supporting high-volume, near real-time data processing and advanced analytics. The work includes modernization of legacy applications, development of new cloud-native solutions, and implementation of DevSecOps and scaled Agile practices across the organization.

The core challenge: orchestrating complex, multi-contractor delivery while transforming both technology and operating models without disrupting mission-critical operations.

Position Description

As a Lead Security Engineer at Revolutional, you will define and drive enterprise security engineering strategy and execution across a large-scale federal modernization program.

You will be responsible for integrating security into every layer of the environment, including applications, APIs, data platforms, cloud infrastructure, CI/CD pipelines, and operational processes. You will work across architecture, engineering, operations, and vendor teams to ensure security is proactive, automated, measurable, and aligned with federal compliance requirements.

This role requires someone who can balance security rigor, operational resiliency, and delivery velocity while supporting secure modernization across complex system-of-systems environments.

Responsibilities

• Provide technical leadership across enterprise security engineering efforts within a large-scale modernization program
• Design and implement security controls across cloud, application, API, data, and infrastructure layers
• Integrate security into DevSecOps pipelines using automated scanning, policy enforcement, CI/CD controls, and security governance practices
• Support Authority to Operate (ATO) processes, POA&M management, continuous monitoring, audit support, and remediation tracking activities
• Ensure compliance with federal security frameworks and standards including NIST 800-53, FedRAMP, FISMA, Zero Trust, MFA, secure SDLC, and federal ATO requirements
• Secure system-of-systems (SoS) environments spanning multiple vendors, contractors, integrated platforms, and distributed architectures
• Implement and govern IAM strategies including RBAC, ABAC, MFA, privileged access management, authentication, authorization, and Zero Trust principles
• Design and support API and microservices security architectures, including secure API design, token-based authentication, and authorization frameworks
• Conduct penetration testing, threat modeling, SAST/DAST scanning, vulnerability assessments, and end-to-end remediation coordination
• Support supply chain security initiatives including Software Bill of Materials (SBOM), dependency risk analysis, and third-party software validation
• Implement security controls supporting encryption, sensitive data protection, PTA/PIA requirements, privacy standards, and secure data handling practices
• Support security operations activities including monitoring, alerting, incident response, root cause analysis, and operational troubleshooting
• Design and maintain dashboards, KPIs, risk reporting, compliance metrics, and security posture reporting
• Develop and maintain security documentation including architecture artifacts, playbooks, operational procedures, compliance documentation, and governance materials
• Collaborate across architecture, engineering, operations, and vendor teams to align security requirements with modernization and delivery objectives
• Mentor engineering and security teams on secure coding, secure architecture, operational security practices, and DevSecOps standards

Technical Environment

• Cloud-native environments (AWS, Azure)
• DevSecOps pipelines and CI/CD automation frameworks
• SIEM, monitoring, alerting, and security analytics platforms
• Container security, image scanning, and runtime protection tools
• APIs, microservices, and distributed integration architectures
• Infrastructure-as-Code and automation platforms
• Security testing platforms (SAST, DAST, vulnerability management)
• Identity and access management platforms and Zero Trust architectures
• Enterprise data ecosystems supporting high-volume and near real-time processing
• Agile and scaled Agile (SAFe) delivery environments
• Delivery and collaboration tools (Git, Jira, Confluence, ServiceNow)

What You Bring (Requirements)

Baseline Requirements

• U.S. Citizenship with the ability to obtain a Public Trust
• 15+ years of experience in cybersecurity, security engineering, or enterprise modernization initiatives
• Certified Information Systems Security Professional (CISSP) required
• Certified Cloud Security Professional (CCSP) required
• Proven experience securing large-scale, distributed cloud and enterprise environments
• Ability to obtain and maintain a Public Trust clearance

Technical Capabilities

• Strong experience implementing security controls in cloud-native and hybrid environments
• Experience supporting ATO processes, POA&M management, continuous monitoring, and federal compliance programs
• Strong understanding of NIST 800-53, FedRAMP, FISMA, Zero Trust, MFA, secure SDLC, and federal cybersecurity frameworks
• Experience integrating security into DevSecOps pipelines including SAST, DAST, automated policy enforcement, and CI/CD security controls
• Experience securing APIs, microservices, distributed systems, and system-of-systems (SoS) environments
• Experience implementing IAM strategies including RBAC, ABAC, MFA, and privileged access controls
• Experience supporting supply chain security including SBOM and dependency risk management
• Experience with penetration testing, vulnerability management, remediation tracking, and threat modeling
• Experience implementing data security, encryption, privacy controls, and PTA/PIA processes
• Experience supporting security operations including monitoring, alerting, incident response, and root cause analysis
• Experience with SIEM, container security, image scanning, runtime protection, and cloud-native security platforms
• Experience developing dashboards, KPIs, risk reporting, and security governance reporting
• Experience maintaining security documentation, architecture artifacts, playbooks, and compliance records

Core Strengths

• Strong ownership mindset with accountability for enterprise security outcomes
• Ability to influence security practices across engineering, architecture, and operational teams
• Strong decision-making capabilities balancing security, compliance, performance, and delivery objectives
• Effective communication across technical, operational, executive, and vendor stakeholders
• Ability to operate across complex, evolving, multi-contractor delivery environments
• Strong analytical and problem-solving skills with measurable impact on enterprise risk posture

Nice to Have (Differentiators)

• CISM, CISA, or other advanced cybersecurity certifications
• Experience supporting statistical and similarly large-scale federal modernization programs
• Experience implementing enterprise Zero Trust architectures
• Experience securing high-volume, real-time data processing platforms
• Experience supporting DevSecOps-enabled enterprise modernization programs
• Experience with large-scale cloud-native operational security environments

#DICE #Linkedin

Apply Now