Security Engineer Security Clearance

Position: Security Engineer with Security Clearance
About Peraton Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace.

The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit  to learn how we're keeping people around the world safe and secure. About

The Role Peraton is seeking an experienced Security Engineer to support the security, compliance, and maintenance of a large-scale, web-based government application. In this role, you will be responsible for implementing and sustaining a comprehensive security posture aligned with NIST SP 800-53 (Moderate), SOC 2 Type II, OWASP Top 10, and applicable state and federal regulatory requirements. You will work closely with program teams, agency stakeholders, and independent auditors to ensure continuous compliance, rapid incident response, and robust data protection across all environments.

Location:

This position is remote; however, candidates must reside within the Pacific Time Zone (PST) and be located in Oregon or Washington, or within close proximity to Salem, Oregon to support occasional onsite travel requirements. Day to Day

Roles and Responsibilities:

* Design, implement, and maintain security controls in accordance with NIST SP 800-53 (Moderate) across all system components

* Deploy, configure, and maintain a Web Application Firewall (WAF) and enforce OWASP Top 10 validation throughout the software development lifecycle

* Implement and manage TLS 1.2/1.3 encryption for data in transit and 256-bit AES (FIPS 140-2/140-3 compliant) encryption for data at rest

* Conduct and coordinate SAST, DAST, and Software Composition Analysis (SCA) as part of the secure development lifecycle

* Maintain a Software Bill of Materials (SBOM) for all applications and manage application allow listing to prevent unauthorized software execution

* Implement and manage IEEE 802.1x certificate-based network access control

* Develop, maintain, and continuously update the Security Risk Management Plan

* Manage real-time, automated hardware and software asset inventory tracking

* Coordinate and support annual independent security audits (NIST SP 800-53 Moderate or SOC 2 Type II); deliver SOC 2 Type II reports.

* Monitor system security logs and provide on-demand access to designated agency personnel

* Lead incident response activities; deliver breach/incident notifications to the Agency within 24 hours of discovery

* Ensure all Agency Data remains within the United States or its territories at all times - no overseas access, transmission, storage, or backup permitted

* Manage cryptographic key lifecycle in accordance with NIST SP 800-57

* Perform data sanitization and media destruction per NIST SP 800-88 (Rev.
1)

* Classify and protect all Agency Data per applicable Oregon Information Asset Classification policies

* Generate User Access Reports and Data Sanitization Certifications upon agency request

* Provide prior notification to the Agency before responding to any third-party or law enforcement requests for Agency Data

* Ensure all personnel complete periodic privacy and security training per NIST SP 800-53 AT family controls

* Support disaster recovery planning and geographically dispersed hosting operations within Oregon
Qualifications

Basic Qualifications:

* Bachelors degree and 5 years of experience or an Associates degree and 7 years of experience or a High School diploma and 9 years of experience.

* Must be a U.S. Citizen or Green Card holder.
* Must be able to pass an FBI NCIC fingerprint-based background check

* Must reside in the Oregon/Washington area

* 5+ years of experience in information security engineering, cybersecurity, or a…