Security Engineer

Job Summary

Supporting the CMS CCSQ's ISG under the SIO contract, the full-time remote Security Engineer will configure, optimize, and maintain AWS WAF policies and security tooling, ensuring compliance and a robust security posture across cloud environments and CI/CD pipelines.

Key responsibilities

• Configure, tune, and document AWS WAF policies for CMS applications in compliance with change control procedures
• Support detection triage using CMS-approved tools, including rule tuning and vulnerability management
• Automate CI/CD pipeline security checks and implement defense-in-depth controls according to CMS policies

Required qualifications

• Bachelor's degree in Cybersecurity, Computer Science, IT, or related field
• 7+ years of cybersecurity engineering or cloud security experience in a federal IT environment
• Hands-on expertise with AWS security services: WAF, Security Hub, GuardDuty, Inspector, IAM
• Experience with FISMA compliance and NIST 800-53 controls
• Proficiency with vulnerability scanning tools such as Tenable or Nessus