Lead Cybersecurity Engineer / Information Systems Security Engineer (ISSE), TS/SCI

Lead Cybersecurity Engineer / Information Systems Security Engineer (ISSE)

Cybersecurity Ops Sr Principal

Job Description

Seeking a Lead Cybersecurity Ops Engr / Information System Security Engineer (ISSE) to serve as a subject matter expert (SME) supporting the Department of the Air Force. You design, implement, and sustain DevSecOps pipeline(s) and supporting platform engineering capabilities. You will own the hands-on technical security engineering of the software factory and toolchain (CI/CD, IaC, artifact integrity, scanning, policy gates, and telemetry), ensuring the pipeline produces defensible artifacts and repeatable security outcomes that support assessment readiness and reduce manual compliance efforts.

The ISSE shall assume primary responsibility for the execution of the core mission to enable automated Risk Management Framework (RMF) control implementation, evidence generation, and continuous monitoring to achieve and maintain Authority to Operate (ATO/cATO) across all  environments. The role focuses on the hands-on technical security engineering of the software factory and toolchain (CI/CD, IaC, artifact integrity, scanning, policy gates, and telemetry), ensuring the pipeline produces defensible artifacts and repeatable security outcomes that support assessment readiness and reduce manual compliance efforts..

Typical job responsibilities Include:

• DevSecOps Pipeline Security Architecture & Design: Engineer a secure CI/CD pipeline and supporting services aligned with DoW DevSecOps reference designs. Define pipeline security requirements, trust boundaries, data flows, and enforcement points.
• Control Implementation as Code: Translate RMF security controls into automated pipeline guardrails, including policy gates, required checks, configuration baselines, and deployment constraints using Infrastructure as Code (IaC).
• Automated Security Testing & Quality Gates: Implement and maintain automated scanning (SAST/SCA/Container), IaC scanning, secrets detection, SBOM generation, and policy evaluation to enforce security thresholds within the build process.
• Software Supply Chain Integrity: Implement artifact provenance (signing/attestation), hardened base image usage, and release integrity controls to ensure a secure and auditable software supply chain.
• Continuous Monitoring Enablement: Engineer logging and telemetry pipelines to support continuous monitoring of pipeline events, platform security, compliance drift, and vulnerability status.
• Assessment Readiness & Evidence Packaging: Develop and maintain an "evidence map" that links pipeline outputs to specific RMF controls and assessment objectives, and support assessors with demonstrations of automated enforcement.
• Platform Integration & Operationalization: Coordinate with hosting platform providers to maximize inherited controls and implement secure configuration management, patching, and backup/recovery for all pipeline tooling.
• Develop and document the DevSecOps Pipeline Security Architecture (diagrams and narrative).
• Create and manage a Pipeline Controls-as-Code Implementation Plan.
• Produce standardized Pipeline Evidence Packages (e.g., scan reports, SBOMs, attestations).
• Design and implement a Continuous Monitoring Enablement Package (dashboards, alerts).
• Maintain a Pipeline Backlog and Gap Remediation Roadmap to track progress toward ATO/cATO readiness.

Qualifications

• 14 years of experience and a Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline, or a related discipline; or a Master's degree and 12 years of experience; or a PhD/JD and 9 years of experience.
• 6+ years of hands-on experience in a technical cybersecurity role such as Security Engineering, DevSecOps Engineering, or Cloud Security in a DoD or similar regulated environment.
• Demonstrated experience designing, building, and securing automated CI/CD pipelines (e.g., GitLab CI, Jenkins) and integrating security scanning tools (SAST, DAST, SCA).
• Proficiency with Infrastructure as Code (IaC) (e.g., Terraform, Ansible), containerization technologies (Docker, Kubernetes), and scripting languages (e.g., Python, Bash).
• DoD 8140 (Cyberspace Workforce Qualification Program) certification relevant to a techn