Security Architect/Engineer

DecisionPoint seeks a Security Architect/Engineer to design, implement, and sustain secure enterprise architectures for a modernized Department of Defense (DoD) information system. The Security Architect will ensure systems meet stringent security, compliance, and operational standards through defense-in-depth engineering, Zero Trust implementation, and RMF control integration across IL environments.

This position plays a key role in establishing secure architectures that protect sensitive mission data while enabling operational agility, interoperability, and compliance with DoD cybersecurity mandates.

This position is fully remote.

Note: By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid.

The Security Architect/Engineer will:

Lead the design and implementation of secure system architectures across multiple IL environments (IL2-IL5) in compliance with DoD and NIST standards.

• Define and validate security requirements throughout the system lifecycle, including hardware, software, and cloud components.

• Conduct risk assessments, security architecture reviews, and threat modeling to identify and mitigate vulnerabilities.

• Develop and maintain architecture diagrams, data flow mappings, and control baselines for ATO documentation and continuous monitoring.

• Implement Zero Trust principles including segmentation, strong identity management, encryption, and telemetry integration.

• Support and maintain RMF accreditation artifacts (SSP, SAR, POA&M, etc.) and ensure traceability to implemented controls.

• Integrate security automation and continuous compliance within DevSecOps pipelines using tools such as Tenable ACAS, AWS Inspector, and Twistlock.

• Collaborate with network, platform, and application teams to align technical implementations with cybersecurity policy and architecture standards.

• Define and enforce data protection and key management solutions (KMS, TDE, PKI) within AWS GovCloud and hybrid environments.

• Support vulnerability management, remediation tracking, and penetration testing coordination.

• Maintain awareness of evolving DoD cyber policies, cloud standards, and emerging security technologies to proactively improve posture.

• Lead technical deep dives and architecture reviews for proposed changes to ensure secure system evolution.

• Contribute to incident response readiness, ensuring forensic tools, audit logs, and alerting mechanisms are in place.

• Provide guidance and mentorship to engineers and administrators on secure configuration management, encryption, and boundary protection.

Clearance Requirement:

• Must hold an active Top Secret clearance (SCI eligibility preferred).

Education:

• Bachelor's degree in Cybersecurity, Computer Science, or a related technical field.

Experience:

• Minimum 7 years of experience in cybersecurity engineering, architecture, or secure system design for federal or defense environments.

• Experience developing and enforcing security architectures and control frameworks in AWS GovCloud IL4/IL5.

• Proven experience integrating security into Agile or DevSecOps pipelines and performing RMF-compliant design reviews.

Technical Knowledge:

• Deep understanding of DoDI 8510.01 (RMF), NIST SP 800-53/171, and DISA STIG/SRG compliance frameworks.

• Expertise in cloud security architecture and Zero Trust implementation.

• Experience with encryption standards, data loss prevention (DLP), and secure identity management (SAML, OAuth, MFA).

• Proficiency with AWS GovCloud, container security, and Infrastructure as Code (IaC) security.

• Familiarity with network security principles, firewall design, VPNs, and segmentation.

• Knowledge of continuous monitoring tools such as Splunk, ELK Stack, CloudWatch, and GuardDuty.

• Experience supporting ATO/renewal efforts, POA&M closure, and security audit responses.

Certifications (Preferred):

• CISSP, CISM, or CompTIA Advanced Security Practitioner (CASP+).

• AWS Certified Security - Specialty.

• CompTIA Security+ CE (DoD 8570 baseline).

• Certified Cloud Security Professional (CCSP).

Skills:

• Strong analytical, architectural, and documentation skills.

• Ability to evaluate technical designs for compliance and security effectiveness.

• Excellent communication skills for presenting complex topics to technical and non-technical audiences.

• Strong collaboration across development, cybersecurity, and program management teams.

• Commitment to proactive risk management and secure modernization.

• EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
• Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
• Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.