Job Details

About the role

Seeking a proactive Senior Cybersecurity Engineer to support the Pipeline and Hazardous Materials Safety Administration (PHMSA) Operations and Maintenance (O&M) program. This role goes beyond a traditional cybersecurity engineering position, blending deep technical expertise with a strong programmatic mindset and an emphasis on maintaining and advancing the system's security posture. In addition to core cybersecurity responsibilities, the Senior Cybersecurity Engineer will support emerging security initiatives such as code scanning, collaborate closely with software engineering teams to identify and remediate vulnerabilities, and partner with the System Owner and Information System Security Manager (ISSM) to support annual security assessments. This is a highly dynamic and evolving role that requires providing trusted cybersecurity consulting and advisory services to the client. This is a mostly remote position with occasional trips to DOT HQ at the customer's discretion.

Job Responsibilities

• Monitor and analyze vulnerability reports from PHMSA security tools, including Invicti, Tenable, and Synack.
• Develop and maintain processes and standard operating procedures (SOPs) for cybersecurity initiatives, including code scanning and vulnerability management.
• Collaborate with the O&M team to remediate identified vulnerabilities or collect and validate evidence to document false positives.
• Plan, facilitate, and lead weekly security vulnerability meetings, including status tracking and follow-up actions.
• Partner with the System Owner and Information System Security Manager (ISSM) to track, manage, and report on Plans of Action and Milestones (POA&Ms).
• Conduct comprehensive risk assessments to identify potential security threats and vulnerabilities and develop mitigation strategies to effectively manage risk.
• Stay current with federal cybersecurity regulations and frameworks, including NIST, FISMA, and other applicable standards, ensuring ongoing compliance and timely reporting.
• Participate in weekly Configuration Management Board and engineering meetings, as requested, to support coordination and alignment across teams.
• Translate stakeholder requirements into clear, actionable functional specifications for developers and data engineers.
• Track, analyze, and report on vulnerability remediation progress, risks, and trends.
• Ensure all deliverables meet federal compliance standards and PHMSA operational requirements.
• Serve as a liaison between technical teams and non-technical stakeholders to ensure clear communication and shared understanding.

Required skills

Certified Information Systems Security Professional (CISSP) NIST FISMA Agile Standard operating procedures (SOPs)

Preferred skills

Project Management Professional (PMP) Public Trust

Education requirements

Degree

Bachelor

Major

Computer Science

Job Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, Engineering, or a related scientific, technical, or functional discipline.
• 5+ years of specialized experience and 7 years of overall relevant experience.
• Certified Information Systems Security Professional (CISSP) or equivalent.
• In-depth knowledge of federal cybersecurity regulations and frameworks, including NIST, FISMA, and other applicable standards.
• Strong written and verbal communication skills, with the ability to collaborate effectively with stakeholders at all organizational levels.
• Proven experience gathering, documenting, and maintaining functional and technical processes, including standard operating procedures (SOPs).
• Demonstrated ability to work effectively with both technical and non-technical federal stakeholders.
• Experience supporting federal government IT projects in an Agile delivery environment.
• A Project Management Professional (PMP) or equivalent is preferred.
• Clearance: U.S. Citizen; Public Trust or eligible to obtain a Public Trust.