E01 Cyber Security Engineer and Compliance Lead

Expansia
Dayton, OH

Start Date: Immediate

EXPANSIA is a service-disabled veteran-owned company that empowers organizations to be mission ready now with data, people, and ecosystems. As experts in continuous-delivery methods that drive digital adoption, we are dedicated to innovation, efficiency, and technology that benefit the warfighter. EXPANSIA specializes in integration, automation, and sustainment modernization through technology-enabled delivery models, digital engineering, and cloud-ready solutions.

OVERVIEW

Full-time/Permanent Employee

Location: Hybrid in Dayton, OH

As a Cybersecurity Engineer and Compliance Lead, you will leverage your technical expertise to design, implement, and validate security controls while ensuring compliance with DoD cybersecurity standards and Risk Management Framework (RMF) requirements for complex information systems and networks. You will prepare Security Test and Evaluation plans, provide RMF support in the development of security and contingency plans, and conduct complex risk and vulnerability assessments. Serve as a senior cybersecurity lead on programs requiring compliance with RMF and advise stakeholders on the development and implementation of security controls across all RMF steps, including monitoring and maintenance. Serve as a partner and peer to the Program ISSM for systems undergoing Authorization to Operate (ATO). Develop and maintain system security plans and contingency plans, and recommend enhancements to mitigate identified security deficiencies. Develop, test, and integrate computer and network security tools. Secure system configurations and install security tools. Scan systems to determine compliance, report results, and evaluate security tool performance. Provide technical input on system administration security configurations. Conduct security program audits and develop solutions to lessen identified risks. Act as a senior engineering liaison between development teams and cybersecurity compliance, translating control requirements into system architecture, configuration baselines, and secure coding practices. Guide and mentor junior application and security engineers in continuous improvement of security posture and compliance processes.

The proposed salary range for this position is $139,725-$195,225. There are a host of factors that can influence final salary including, but not limited to, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, geographic location, education, and certifications. Our employees value the flexibility EXPANSIA allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our unique mix of benefits options is designed to support and protect employees and their families. Employment benefits include health and wellness programs, income protection, paid leave and retirement and savings.

RESPONSIBILITIES

  • Lead cybersecurity and compliance responsibilities for assigned systems, including control implementation, documentation, and coordination with the ISSM for enterprise reporting and ATO sustainment
  • Support the ISSM with continuous monitoring responsibilities, including log review and analysis using SIEM tools (e.g., Splunk) to identify anomalies, validate security control effectiveness, and support incident response coordination
  • Conduct Vulnerability Analysis and Review of ACAS scans
  • Lead POA&M management, including development of realistic remediation strategies, validation coordination with engineers, and ongoing tracking in support of system ATO sustainment
  • Utilize DevSecOps methodologies to analyze and ensure that development requirements effectively integrate security requirements throughout the entire process
  • Employ best practices when implementing controls including software engineering methodologies; system and security engineering principles; security-enhancing design, architecture, and coding techniques
  • Validate system architecture diagrams and component boundary definitions to ensure consistency with security authorization boundaries and inherited control structures
  • Coordinate security activities with system leads, ISSMs, and program managers
  • Lead or support system categorization, control selection, and inheritance planning; ensure artifacts in eMASS are maintained and aligned with RMF timelines and requirements
  • Ensure system-level security requirements are identified, designed, implemented, and evaluated in coordination with engineers and stakeholders
  • Conduct formal risk assessments, evaluate mitigation options and residual risks, and deliver actionable recommendations to system stakeholders
  • Design, deploy, and validate security control implementations; employ security-as-code in CI/CD pipelines using tools such as Terraform, Ansible, or AWS CloudFormation
  • Conduct security design reviews of infrastructure components such as VPCs, IAM roles, load balancers, and container orchestration services (ECS, Fargate)
  • Lead internal and external security audits and investigations, coordinate responses to findings, and oversee corrective action plans
  • Provide authoritative guidance on cybersecurity strategy, policy application, and compliance across development and operations environments, ensuring integration with DoD and Service Component cybersecurity architectures and Zero Trust principles
  • Lead system-level Continuous Monitoring efforts, including vulnerability remediation tracking, control validation, STIG compliance, and submission of recurring security status reports to AO-designated representatives
  • Ensure compliance with government regulations and industry standards
  • Support operational strategies aligned within your program and initiatives that optimize processes, enhance productivity, and ensure quality across all program functions
  • Ensure 100% of planned hours are worked and recorded
  • Identify and forward to your leadership any opportunities that could lead to growth within your work area
  • Ensure all contractual deliverables are met/exceeded to the customer's satisfaction
  • Complete personal PDP and attend Staff Meeting and Storytime (with camera on)
  • Within your program, build productive and positive professional relationships with clients
  • Perform other related duties as assigned

KEY QUALIFICATIONS

  • Clearance: Secret Clearance
  • Education and Years of Experience: Bachelor's degree (or equivalent) with 10-12 years of experience, or a Master’s degree with 8-10 years of experience
  • DoD 8570/8140 certification required. IAM Level III preferred (e.g., CISSP, GSLC, CISM)
  • Experience directly configuring and deploying technical security controls in cloud and containerized environments (IAM policies, VPC configurations, ECS hardening, container runtime controls)
  • Solid application of systems engineering concepts, principles, and theories
  • Creative thinker, good at multitasking
  • Ability to clearly recognize and report relevant system security concerns and issues
  • Understanding of verification and validation process
  • Demonstrated experience leading RMF efforts for DoD classified and/or unclassified systems through assessment and authorization (A&A), including artifact development in eMASS
  • Ability to interpret and implement NIST 800-53 Rev. 5 controls and translate into actionable engineering and operational requirements
  • Familiarity with compliance-as-code frameworks (OpenSCAP, InSpec, ConMon dashboards)
  • Familiarity with developing and maintaining artifacts aligned to continuous monitoring, including control evidence repositories, system inventory tracking, and active POA&M management
  • Strong working knowledge of ACAS, Nessus, eMASS, AWS Inspector, and security documentation requirements
  • Experience interpreting and applying DISA STIGs, SCAP results, and vulnerability severity data from Nessus or AWS Inspector within enterprise-level remediation strategies

PREFERRED ADDITIONAL QUALIFICATIONS

  • Experience working on large-scale software projects
  • Experience operating in Agile or DevSecOps environments with security control overlay support
  • Familiarity with cloud security compliance (e.g., AWS GovCloud, Azure IL5+, Cloud One)
  • Proficiency with Infrastructure-as-Code (IaC) tools for secure cloud provisioning (e.g., Terraform, CloudFormation)
  • Experience with Zero Trust implementation strategies in hybrid and cloud-native environments
  • Experience leading classified information system security programs
  • Knowledge of cybersecurity frameworks and incident response best practices
  • Proficiency in security compliance reporting and security documentation best practices
  • Strong problem-solving and decision-making skills related to security risk management

EXPANSIA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.

Posted 2025-09-12
