Cybersecurity Engineer

Overview

Join our  cutting-edge generative AI (GenAI) platform, LIGER™, created by its technology studio, LMI Forge. LIGER™ harnesses the power of advanced technology, data analytics, and the latest in machine learning and natural language processing to provide secure, private, and trustworthy GenAI solutions for government. This position requires an active Secret clearance.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.  

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors—helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.  

Responsibilities

• Acquire and manage all necessary documentation/artifacts, including cybersecurity support and resources, to support IT cybersecurity goals and objectives from a risk management perspective.
• Advise senior management on system risk levels and cybersecurity posture for cloud-based environments
• Assist in the deployment, architecture and configuration of security controls of deployed systems with Cloud Architects
• Ensure that developed systems and architectures are consistent with all applicable DoD and Army cybersecurity policies and guidelines.
• Perform Assessment and Authorization (A&A) cybersecurity reviews, identify gaps, and support risk management plans for cybersecurity personnel to execute.
• Provide input on cybersecurity requirements and collect and maintain data needed to meet system cybersecurity compliance reporting.
• Provide subject matter expertise for Risk Management Framework (RMF) activities and related documentation to support system accreditation / Authority to Operate (ATO) requirements.
• Interpret noncompliance to determine the impact on levels of risk and/or overall effectiveness of the enterprise's cybersecurity program.
• Track audit findings and recommendations to ensure that appropriate mitigation actions are taken.
• Support necessary compliance activities (e.g., ensure that system security configuration guidelines are followed, compliance monitoring occurs).
• Coordinate with geographically-distributed, multi-discipline teams to ensure compliance with all applicable requirements for cybersecurity are addressed.
• Ensure that plans of action and milestones (POAM) or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc. and support necessary remediation/compliance activities.
• Participate in recurring cybersecurity working group meetings.
• Oversee and manage A&A activities for program level ISSOs and ISSMs to support an understanding of their respective systems and security activities.
• Work with program ISSOs and ISSMs to effectively aggregate technical details for government leadership including the cybersecurity lead, project managers, program managers to facilitate succinct and effective risk discussions and provide understanding of respective program risks.
• Provide security support and evaluation to development teams to integrate information assurance/cyber security and remediate vulnerabilities throughout the System Life Cycle Development for the tactical releases
• Lead the development, review and management of system Assess and Authorize documentation to ensure it is compliant with RMF standards.
• Develop guidance and assists associates through the RMF phases.
• Participate in IATT and ATO activities
• Support the organization's program that implements information systems security technology and procedures, to include access control and authentication of users and transmitted information.
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures (SOPs) on the security of information systems.
• Review Army and DoD policy and develop local policy and procedures that implement the Army and DoD's Cybersecurity subprograms and initiatives.
• Review and evaluate system and network changes for cybersecurity impact and effect on confidentiality, integrity, availability, and overall system security posture.
• Create and submit Plan of Actions & Milestones (POA&M) for review and approval by the Authorizing Official (AO)

Qualifications

Required Qualifications

• Bachelor's degree in a related field
• 5+ years demonstrated experience designing, implementing, and monitoring cybersecurity solutions  
• 5+ years demonstrated RMF and eMASS experience 
• Familiarity with cybersecurity tools such as ACAS and Tenable
• Certified Information Systems Security Professional (CISSP) (or Associate), Certified Information Security Manager (CISM), or equivalent DoD 8140 IAM Level III certification 
• Expertise in identifying and classifying technical security requirements and specifications
• Experience developing and evaluating enterprise and system security designs and related architectures
• Experience developing or ensuring development adheres to cybersecurity requirements and best practices (e.g., NIST controls, DISA STIGs)
• Familiarity with commercial off-the-shelf solutions for specific security capabilities
• Must possess an active Secret clearance

Desired Qualifications

•  
• Experience with DoD ATO reciprocity for enterprise system deployments
• Familiarity or experience with FedRAMP readiness or assessment processes
• Exposure to Army RMF 2.0, cArmy and Continuous Monitoring (CONMON)
• Previous work experience in interfacing with Defense Security/Cybersecurity Authorization Working Group (DSAWG)
• Experience in working with Security Control Overlays and Cross Domain Transfers and Access
• Previous work experience in IL6 environments, JWICs
• Previous work exposure to Docker and Kubernetes containers
• Exposure to AWS, Azure and Google Cloud

Target salary range: $111,427 - $200,000

Disclaimer: The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.