[Hiring] Security Architect/Engineer @DecisionPoint | Cortek

Role Description

DecisionPoint seeks a Security Architect/Engineer to design, implement, and sustain secure enterprise architectures for a modernized Department of Defense (DoD) information system. The Security Architect will ensure systems meet stringent security, compliance, and operational standards through:

• Defense-in-depth engineering
• Zero Trust implementation
• RMF control integration across IL environments

This position plays a key role in establishing secure architectures that protect sensitive mission data while enabling operational agility, interoperability, and compliance with DoD cybersecurity mandates. This position is fully remote.

Note: By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid.

Duties & Responsibilities

• Lead the design and implementation of secure system architectures across multiple IL environments (IL2–IL5) in compliance with DoD and NIST standards.
• Define and validate security requirements throughout the system lifecycle, including hardware, software, and cloud components.
• Conduct risk assessments, security architecture reviews, and threat modeling to identify and mitigate vulnerabilities.
• Develop and maintain architecture diagrams, data flow mappings, and control baselines for ATO documentation and continuous monitoring.
• Implement Zero Trust principles including segmentation, strong identity management, encryption, and telemetry integration.
• Support and maintain RMF accreditation artifacts (SSP, SAR, POA&M, etc.) and ensure traceability to implemented controls.
• Integrate security automation and continuous compliance within DevSecOps pipelines using tools such as Tenable ACAS, AWS Inspector, and Twistlock.
• Collaborate with network, platform, and application teams to align technical implementations with cybersecurity policy and architecture standards.
• Define and enforce data protection and key management solutions (KMS, TDE, PKI) within AWS GovCloud and hybrid environments.
• Support vulnerability management, remediation tracking, and penetration testing coordination.
• Maintain awareness of evolving DoD cyber policies, cloud standards, and emerging security technologies to proactively improve posture.
• Lead technical deep dives and architecture reviews for proposed changes to ensure secure system evolution.
• Contribute to incident response readiness, ensuring forensic tools, audit logs, and alerting mechanisms are in place.
• Provide guidance and mentorship to engineers and administrators on secure configuration management, encryption, and boundary protection.

Qualifications

• Clearance Requirement: Must hold an active Top Secret clearance (SCI eligibility preferred).
• Education: Bachelor’s degree in Cybersecurity, Computer Science, or a related technical field.
• Experience: Minimum 7 years of experience in cybersecurity engineering, architecture, or secure system design for federal or defense environments.
• Experience developing and enforcing security architectures and control frameworks in AWS GovCloud IL4/IL5.
• Proven experience integrating security into Agile or DevSecOps pipelines and performing RMF-compliant design reviews.
• Technical Knowledge: Deep understanding of DoDI 8510.01 (RMF), NIST SP 800-53/171, and DISA STIG/SRG compliance frameworks.
• Expertise in cloud security architecture and Zero Trust implementation.
• Experience with encryption standards, data loss prevention (DLP), and secure identity management (SAML, OAuth, MFA).
• Proficiency with AWS GovCloud, container security, and Infrastructure as Code (IaC) security.
• Familiarity with network security principles, firewall design, VPNs, and segmentation.
• Knowledge of continuous monitoring tools such as Splunk, ELK Stack, CloudWatch, and GuardDuty.
• Experience supporting ATO/renewal efforts, POA&M closure, and security audit responses.
• Certifications (Preferred): CISSP, CISM, or CompTIA Advanced Security Practitioner (CASP+), AWS Certified Security – Specialty, CompTIA Security+ CE (DoD 8570 baseline), Certified Cloud Security Professional (CCSP).

Skills

• Strong analytical, architectural, and documentation skills.
• Ability to evaluate technical designs for compliance and security effectiveness.
• Excellent communication skills for presenting complex topics to technical and non-technical audiences.
• Strong collaboration across development, cybersecurity, and program management teams.
• Commitment to proactive risk management and secure modernization.