
Senior Cyber Security Engineer

Constellis
Posted 2 days ago, valid for 21 days
Location

Washington, VA 22747, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.


Sonic Summary

  • LEXSO is seeking a Senior Cyber Security Engineer with 8+ years of experience to lead security architecture and compliance for their advanced multi-sensor integration platform.
  • The role involves achieving Authority to Operate (ATO) under DoD Risk Management Framework standards while integrating security automation into CI/CD pipelines.
  • Candidates must have hands-on experience with RMF, NIST 800-53, and vulnerability scanning tools, as well as proficiency in scripting languages like Python and Bash.
  • Required certifications include CISSP, CASP+, or Security+ CE, along with an active Secret Security Clearance and a Bachelor's degree in a related field.
  • The position offers competitive compensation, reflecting Constellis' commitment to a diverse and supportive workplace.

About LEXSO

Layered Extended Security Operations (LEXSO) is Constellis’ advanced multi-sensor integration platform, purpose-built to deliver real-time situational awareness and operational automation. By integrating leading-edge sensors, cloud-native infrastructure, and AI-driven analytics, LEXSO enables responses at the speed of sensing to protect critical infrastructure, bases of operations, and high-value assets worldwide.

 

POSITION SUMMARY

We are seeking a hands-on Senior Cyber Security Engineer to lead the security architecture, compliance, and DevSecOps implementation for the LEXSO platform.

 

The Senior Cyber Security Engineer will bridge the gap between "Compliance" and "Engineering." You will not just audit the system—you will help build it securely. This role is responsible for achieving Authority to Operate (ATO) under DoD Risk Management Framework (RMF) standards, among other federal certifications, while embedding security automation directly into our CI/CD pipelines. You will work side-by-side with backend and frontend engineers to harden the microservices architecture against evolving threats.

 

Responsibilities

  • Lead the technical execution of the RMF process to achieve and maintain Authority to Operate (ATO) for the LEXSO platform
  • Implement security controls in accordance with NIST SP 800-53 and DoD SRG/STIGs
  • Generate and maintain artifacts required for eMASS, including SSPs, POAMs, and SARs
  • Conduct self-assessments using ACAS (Nessus) and SCAP Compliance Checker (SCC) to identify vulnerabilities
  • Integrate automated security testing (SAST/DAST) tools (e.g., SonarQube, OWASP ZAP) into the GitLab/GitHub CI/CD pipeline
  • Develop scripts (Python, Bash, Ansible) to automate patching and configuration management for Linux (RHEL/Ubuntu) servers
  • Implement Container Security scanning for Docker/Kubernetes environments to detect vulnerabilities before deployment
  • Enforce "Security as Code" principles using Terraform or Helm charts
  • Analyze vulnerability scan results and write the code/scripts to remediate findings (e.g., fixing SSH configurations, patching libraries, hardening NGINX)
  • Harden APIs and microservices by implementing secure authentication (OAuth2/JWT/mTLS) and encryption standards (FIPS 140-2)
  • Respond to zero-day threats and CVEs by rapidly deploying hotfixes to the production environment
  • Conduct threat modeling sessions with the engineering team to identify attack vectors in the multi-sensor architecture
  • Design and implement secure logging and auditing pipelines (ELK Stack/Splunk) to meet audit requirements
  • Advise on the secure architecture for integrating third-party sensors (LiDAR, Radar) and IoT devices
  • Work is typically based in a busy office environment and subject to frequent interruptions. Business work hours are Monday-Friday from 8:00 am to 5:00 pm; however, some extended or weekend hours may be required.

  

Qualifications

  • 8+ years of experience in Cyber Security Engineering or DevSecOps.
  • Proven track record of achieving ATO (Authority to Operate) for a software system in a DoD/Federal environment
  • Hands-on experience with RMF, NIST 800-53, and DISA STIGs
  • Proficiency in scripting languages (Python, Bash) for automation (This is a coding role, not just an auditing role)
  • Experience with vulnerability scanning tools (ACAS/Nessus, SonarQube, Burp Suite)
  • Strong knowledge of Linux Security (SELinux, iptables, hardening)
  • Experience with CI/CD tools (GitLab CI, Jenkins) and Container Security (Docker/K8s)
  • Certifications (Must meet DoD 8570 IAT Level II/III):
    • CISSP, CASP+, or Security+ CE (Required)
  • Active Secret Security Clearance
  • Bachelor’s degree in Computer Science, Cyber Security, or related technical discipline.
  • May be required to lift and carry awkward items weighing up to 25 lbs. Requires intermittent standing, walking, sitting, squatting, stretching and bending throughout the workday. 
  • Preferred Experience:
    • Experience securing cloud environments (AWS GovCloud / Azure Government)
    • Experience with FedRAMP authorization processes
    • Familiarity with "Zero Trust" architecture principles
    • Previous experience as a Software Developer before moving into Security

 

BENEFITS

Constellis offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects its commitment to creating a diverse and supportive workplace.


Equal Opportunity Employer

Race/Color/Sex/Sexual Orientation/Gender Identity/Disability/Vet



