Senior Information Systems Security Engineer

GovCIO is currently hiring for a Senior Information Systems Security Engineer to support cybersecurity, compliance, and risk management activities supporting the U.S. Coast Guard (USCG). This role provides high-level engineering, technical execution, and security management to maintain federal security standards, manage vulnerabilities, and ensure mission-critical systems achieve and retain authorization. This position will be located in Alexandria, VA, and will be a hybrid position.

As a Senior Information Systems Security Engineer, you will serve as a senior technical contributor for the cybersecurity posture, compliance framework, and risk management initiatives. Core responsibilities include:

• Support the program’s cyber‑risk reduction and vulnerability mitigation.
• Performs continuous scanning, patching, and exposure reduction activities.
• Maintains ATO compliance and strengthens security governance.
• Expands security automation to improve resilience and consistency.
• Collaborate with infrastructure and engineering teams to ensure vulnerability mitigation and scanning tools are embedded in design.
• Evaluate risk and document compliance baselines to strengthen overall system security governance.
• Participate in technical reviews to continuously analyze and mitigate vulnerabilities across the environment.
• Support automation implementation and continuous monitoring of security controls within cloud environments.
• Work with product managers to plan security compliance and prioritize scanning, patching, and risk reduction tasks.
• Facilitate documentation required to maintain secure interconnections and preserve ATO compliance status.
• Support Product Teams in preparing for cyber assessments to proactively validate vulnerability mitigation and security posture.

High School with 9+ years (or commensurate experience)

Required Skills & Experience

• Certifications:
  
  DoD 8570 IAT Level II or higher (e.g., Security+ CE, CySA+, etc).

• Experience focused on cyber-risk reduction, vulnerability mitigation, and maintaining compliance frameworks.

• Demonstrated technical experience performing continuous scanning, risk analysis, and endpoint patching workflows.

• Working knowledge of risk reduction governance, baseline compliance frameworks, and security automation principles.

• Ability to collaborate effectively with engineers to translate technical system configurations into risk reduction strategies.

Clearance Level: Must have an active Secret clearance

Preferred Skills & Experience

• Prior experience supporting software modernization programs through continuous scanning and automated exposure reduction.
• Advanced baseline cybersecurity certifications focused on governance and risk mitigation (e.g., CCISO, CISM, CISSP, or GSLC).
• Strong written communication skills to articulate risk metrics, vulnerability statuses, and compliance posture to leadership.