Lead Security Engineer

Description

Cloud computing continues to allow us to modernize and consolidate IT infrastructure, automate workloads, and pursue next-generation innovation. We are seeking a Security Engineer to serve as a technical leader for our critical cloud modernization initiatives. This high-impact role is focused on securing Azure cloud environments and embedding security into every phase of the System Development Life Cycle (SDLC).

As the Senior Security Engineer, you will define the security posture, lead implementation, and oversee the governance of cloud security solution for our IHS customer. This role is pivotal in ensuring the confidentiality, integrity, and availability of cloud-hosted assets while enabling secure innovation  will partner closely with Cloud Engineers and program leadership to drive continuous improvement and deliver maximum value to the mission.

• Cloud Security Architecture: Design, architect, and implement secure, scalable cloud infrastructure across an Azure platform, ensuring alignment with Zero Trust principles and defense-in-depth strategies.
• Identity, Credential, and Access Management (ICAM): Architect, implement, and maintain secure ICAM solutions, including federated identity, Role-Based Access Control (RBAC), and robust encryption/key management systems (KMS) as required.
• Dev Sec Ops  Integration: Lead the integration of security tools and practices into CI/CD pipelines (Dev Sec Ops  workflows) to enable automated security testing, vulnerability scanning, and compliance validation.
• Automation: Define, enforce, and automate cloud security policies, standards, and control frameworks using Infrastructure as Code (IaC) and native cloud services.

• Compliance Strategy: Develop and lead strategic approaches for achieving and maintaining compliance with critical federal frameworks, including FedRAMP and NIST SP 800-53.
• Authorization Liaison: Serve as the primary security liaison, implementing necessary controls and coordinating closely with authorizing officials (AOs) at Health and Human Services (HHS) and other federal agencies throughout the Authority to Operate (ATO) process.
• System Documentation: Lead efforts to develop, maintain, and oversee all system security documentation, including System Security Plans (SSPs), standard operating procedures, security control baselines, implementation details, and other compliance workbooks/whitepapers.
• Cybersecurity Governance: Represent Cybersecurity on contractor and government Change Control Boards (CCBs) to ensure all system changes are assessed for security impact and compliance prior to deployment.
• Audit Support: Lead security control assessments, support audits of the system, and drive the development and closure of Plan of Action & Milestones (POA&M) findings.

• Threat &
  
  Risk Management:
  
  Lead comprehensive threat modeling and vulnerability management efforts. Conduct thorough Security Impact Analyses (SIAs) and risk assessments for new services, functionality, and proposed architectural changes, ensuring all risks are documented and mitigated.
• Continuous Monitoring: Design and implement continuous monitoring solutions using Cloud Security Posture Management, Cloud Workload Protection Platform, and other advanced security tools.
• Stakeholder Alignment: Collaborate across engineering, compliance, and operations teams.
  Serve as a technical authority to internal and external customers, defending security posture changes related to Configuration Management (CM) and the overall security baseline.
• Proactive Strategy: Stay ahead of emerging cloud threats, evolving attack vectors, and industry best practices, proactively recommending mitigation and strategic security improvements.

• Education: Bachelor’s Degree in Computer Science, Engineering, Information Technology, or a related field. Additional years of experience may be considered in lieu of a degree.
• Experience: 8-12 years of professional experience in IT, with a minimum of 6+ years focused on Information Security Engineering, with at least 2 years focused on cloud security architecture.
• Clearance: Ability to obtain and maintain a Public Trust or higher security clearance (if required for the mission/client).
• Certifications: Active, advanced security certification required, such as CCSP (Certified Cloud Security Professional) and Azure Security Engineer Associate (AZ-500).

• Azure Security Expertise: Deep, verifiable expertise in securing Azure services, cloud architectures, and the shared responsibility model. Expert-level understanding of how to implement NIST SP 800-53 (Rev
  5) security controls within an Azure Government environment.
• Identity, Credential, and Access Management (ICAM): Extensive experience with Azure Active Directory (Azure AD/Entra ), conditional access policies, and hybrid identity solutions.
• Automation: Hands-on…