EXPANSIA
^E01 Cyber Security Engineer & Compliance Lead
EXPANSIA is a service-disabled veteran-owned company that empowers organizations to be mission ready now with data, people, and ecosystems. As a Cybersecurity Engineer and Compliance Lead, you will leverage your technical expertise to design, implement, and validate security controls while ensuring compliance with DoD cybersecurity standards and Risk Management Framework requirements for complex information systems and networks.
Business Development, Business Information Systems, Information Technology
Responsibilities
Lead cybersecurity and compliance responsibilities for assigned systems, including control implementation, documentation, and coordination with the ISSM for enterprise reporting and ATO sustainment
Support the ISSM with continuous monitoring responsibilities, including log review and analysis using SIEM tools (e.g., Splunk) to identify anomalies, validate security control effectiveness, and support incident response coordination
Conduct vulnerability analysis and review of ACAS scans
Lead POA&M management, including development of realistic remediation strategies, validation coordination with engineers, and ongoing tracking in support of system ATO sustainment
Utilize DevSecOps methodologies to analyze and ensure that development requirements effectively integrate security requirements throughout the entire process
Employ best practices when implementing controls including software engineering methodologies; system and security engineering principles; security-enhancing design, architecture, and coding techniques
Validate system architecture diagrams and component boundary definitions to ensure consistency with security authorization boundaries and inherited control structures
Coordinate security activities with system leads, ISSMs, and program managers
Lead or support system categorization, control selection, and inheritance planning; ensure artifacts in eMASS are maintained and aligned with RMF timelines and requirements
Ensure system-level security requirements are identified, designed, implemented, and evaluated in coordination with engineers and stakeholders
Conduct formal risk assessments, evaluate mitigation options and residual risks, and deliver actionable recommendations to system stakeholders
Design, deploy, and validate security control implementations; employ security-as-code in CI/CD pipelines using tools such as Terraform, Ansible, or AWS CloudFormation
Conduct security design reviews of infrastructure components such as VPCs, IAM roles, load balancers, and container orchestration services (ECS, Fargate)
Lead internal and external security audits and investigations, coordinate responses to findings, and oversee corrective action plans
Provide authoritative guidance on cybersecurity strategy, policy application, and compliance across development and operations environments, ensuring integration with DoD and Service Component cybersecurity architectures and Zero Trust principles
Lead system-level Continuous Monitoring efforts, including vulnerability remediation tracking, control validation, STIG compliance, and submission of recurring security status reports to AO-designated representatives
Ensure compliance with government regulations and industry standards
Support operational strategies aligned with your program, and initiatives that optimize processes, enhance productivity, and ensure quality across all program functions
Ensure 100% of planned hours are worked and recorded
Identify and forward to your leadership any opportunities that could lead to growth within your work area
Ensure all contractual deliverables are met/exceeded to the customer's satisfaction
Complete your personal PDP and attend Staff Meetings and Storytime (with camera on)
Within your program, build productive and positive professional relationships with clients
Perform other related duties as assigned
Qualifications
Required
Active Secret clearance
Bachelor's (or equivalent) with 10 - 12 years of experience, or a Master's with 8 - 10 years of experience
DoD 8570/8140 certification required. IAM Level III preferred (e.g., CISSP, GSLC, CISM)
Experience directly configuring and deploying technical security controls in cloud and containerized environments (IAM policies, VPC configurations, ECS hardening, container runtime controls)
Solid application of systems engineering concepts, principles, and theories
Creative thinker, good at multitasking
Ability to clearly recognize and report relevant system security concerns and issues
Understanding of verification and validation process
Demonstrated experience leading RMF efforts for DoD classified and/or unclassified systems through assessment and authorization (A&A), including artifact development in eMASS
Ability to interpret and implement NIST 800-53 Rev. 5 controls and translate into actionable engineering and operational requirements
Familiarity with compliance-as-code frameworks (OpenSCAP, InSpec, ConMon dashboards)
Familiarity with developing and maintaining artifacts aligned to continuous monitoring, including control evidence repositories, system inventory tracking, and active POA&M management
Strong working knowledge of ACAS, Nessus, eMASS, AWS Inspector, and security documentation requirements
Experience interpreting and applying DISA STIGs, SCAP results, and vulnerability severity data from Nessus or AWS Inspector within enterprise-level remediation strategies
Preferred
Experience working on large-scale software projects
Experience operating in Agile or DevSecOps environments with security control overlay support
Familiarity with cloud security compliance (e.g., AWS GovCloud, Azure IL5+, Cloud One)
Proficiency with Infrastructure-as-Code (IaC) tools for secure cloud provisioning (e.g., Terraform, CloudFormation)
Experience with Zero Trust implementation strategies in hybrid and cloud-native environments
Experience leading classified information system security programs
Knowledge of cybersecurity frameworks and incident response best practices
Proficiency in security compliance reporting and security documentation best practices
Strong problem-solving and decision-making skills related to security risk management
Benefits
Health and wellness programs
Income protection
Paid leave
Retirement and savings
Company
EXPANSIA
EXPANSIA is a leader in business strategy design, development and execution, and technology integration for defense organizations.
Funding stage: Growth Stage