Apply on Employer Site

Guidehouse · 8 hours ago

Security Engineer (Platform Assurance / Compliance)

Huntsville, AL

Full-time

Onsite

Senior Level

5+ years exp

Guidehouse is seeking a Security Engineer to join their Technology / AI and Data team, supporting mission-critical initiatives for Defense and Security clients. The role involves ensuring AI-driven platforms meet federal security and compliance requirements, collaborating with various teams to embed secure architecture, and acting as a liaison between engineering and security stakeholders.

AdviceConsultingManagement Consulting

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Serves as a core security engineer ensuring the adjudication AI platform meets applicable federal requirements including FedRAMP High, RMF, NIST 800-53, CJIS, and FBI ATO standards

Collaborates with cloud, DevOps, backend, and AI/ML teams to embed secure architecture patterns, validate control implementation, and maintain continuous monitoring readiness across all platform components

Develops RMF documentation, supports POA&M management, conducts vulnerability assessments, ensures secure baseline configurations, and supports accreditation activities

Acts as the liaison between engineering teams and ISSO/security stakeholders, ensuring risks are identified, tracked, and remediated efficiently

Implement NIST 800-53 and FedRAMP High controls across access management, encryption, monitoring, boundary protection, configuration management, and secure data lifecycle workflows

Validate secure configuration of AWS GovCloud services, EKS clusters, container runtimes, VPC boundaries, IAM policies, and workload identities

Ensure backend APIs, vector stores, retrieval services, LLM inference gateways, scoring engines, and memo-generation modules follow compliant security standards

Embed secure coding, least-privilege access enforcement, input validation, and hardened model-serving workflows across all development teams

Develop and maintain SSPs, CIS statements, boundary diagrams, data-flow diagrams, and continuous monitoring documentation for ATO readiness

Assist with creation, tracking, and remediation of POA&M items, ensuring timely closure of vulnerabilities and deficiencies

Prepare system artifacts for assessments, security testing, authorization reviews, and continuous monitoring updates

Support mapping of AI/ML-specific risks—model outputs, retrieval pathways, data provenance—to RMF controls and ATO expectations

Conduct vulnerability scans (Inspector, ECR scanning, Nessus/Qualys), analyze results, and coordinate remediation with engineering teams

Support patching workflows, baseline enforcement, configuration drift detection, and container/OS hardening processes

Validate CloudTrail, CloudWatch, GuardDuty, Config Rules, and other logging/monitoring systems for compliance with AU, SI, RA, and CM control families

Develop dashboards and reporting for CA-7, RA-5, CM-6, AU-x, and other continuous monitoring requirements

Integrate SAST, SCA, IaC scanning, container scanning, and dependency verification into DevSecOps workflows

Validate Terraform/CloudFormation templates for alignment with encryption, identity, and GovCloud boundary restrictions

Review API design, authentication flows, model inference endpoints, and data-ingestion pipelines for security gaps or policy violations

Support hardening of LLM workflows, retrieval processes, and document-ingestion operations

Work with backend, cloud, AI/ML, and data engineering teams to translate controls into engineering requirements aligned with adjudication workflows

Provide teams with security requirements, engineering checklists, and compliance guidance to accelerate delivery while maintaining security posture

Collaborate with adjudicators, mission SMEs, and operations teams to ensure evidence tracking, audit logging, and data-handling workflows support mission needs

Qualification

NIST 800-53FedRAMP HighAWS GovCloudCybersecurity EngineeringRMFVulnerability ScanningATO DocumentationRisk AssessmentContinuous MonitoringSecure CodingDevSecOpsZero-Trust ArchitecturesAI/ML SecuritySCIF-Compatible SystemsCISSPSecurity+CCSPAWS Security SpecialtyCommunicationCollaboration

Required

An ACTIVE and MAINTAINED 'TOP SECRET' Federal or DoD security clearance and obtained and maintain TS/SCI clearance

Bachelor's Degree or Four (4) additional Years of experience in lieu of degree

5+ years of cybersecurity engineering experience, including 3+ years supporting RMF, FedRAMP, CJIS, or ATO systems

Knowledge of NIST 800-53 controls, FedRAMP High requirements, AWS GovCloud security patterns, IAM, encryption (KMS/TLS), logging pipelines, and vulnerability scanning tools

Experience writing ATO documentation, control statements, risk assessments, and boundary artifacts

Strong communication skills supporting collaboration with engineers and mission stakeholders