[Remote] Security Engineer
Note: The job is a remote job and is open to candidates in USA. Peraton is a next-generation national security company that drives missions of consequence. They are seeking an experienced Security Engineer to support the security, compliance, and maintenance of a large-scale, web-based government application, ensuring a comprehensive security posture aligned with regulatory requirements.ResponsibilitiesDesign, implement, and maintain security controls in accordance with NIST SP 800-53 (Moderate) across all system componentsDeploy, configure, and maintain a Web Application Firewall (WAF) and enforce OWASP Top 10 validation throughout the software development lifecycleImplement and manage TLS 1.2/1.3 encryption for data in transit and 256-bit AES (FIPS 140-2/140-3 compliant) encryption for data at restConduct and coordinate SAST, DAST, and Software Composition Analysis (SCA) as part of the secure development lifecycleMaintain a Software Bill of Materials (SBOM) for all applications and manage application allowlisting to prevent unauthorized software executionImplement and manage IEEE 802.1x certificate-based network access controlDevelop, maintain, and continuously update the Security Risk Management PlanManage real-time, automated hardware and software asset inventory trackingCoordinate and support annual independent security audits (NIST SP 800-53 Moderate or SOC 2 Type II); deliver SOC 2 Type II reportsMonitor system security logs and provide on-demand access to designated agency personnelLead incident response activities; deliver breach/incident notifications to the Agency within 24 hours of discoveryEnsure all Agency Data remains within the United States or its territories at all times — no overseas access, transmission, storage, or backup permittedManage cryptographic key lifecycle in accordance with NIST SP 800-57Perform data sanitization and media destruction per NIST SP 800-88 (Rev. 1)Classify and protect all Agency Data per applicable Oregon Information Asset Classification policiesGenerate User Access Reports and Data Sanitization Certifications upon agency requestProvide prior notification to the Agency before responding to any third-party or law enforcement requests for Agency DataEnsure all personnel complete periodic privacy and security training per NIST SP 800-53 AT family controlsSupport disaster recovery planning and geographically dispersed hosting operations within OregonSkillsBachelors degree and 5 years of experience or an Associates degree and 7 years of experience or a High School diploma and 9 years of experienceMust be a U.S. Citizen or Green Card holderMust be able to pass an FBI NCIC fingerprint-based background checkMust reside in the Oregon/Washington area5+ years of experience in information security engineering, cybersecurity, or a related disciplineDemonstrated experience implementing NIST SP 800-53 (Moderate) security controls in a production environmentHands-on experience with SOC 2 Type II audit processes and remediationProficiency with OWASP Top 10 vulnerability identification and remediationExperience deploying and managing Web Application Firewalls (WAF)Working knowledge of SAST, DAST, and SCA tools and integration into CI/CD pipelinesExperience with TLS 1.2/1.3, AES-256, and FIPS 140-2/140-3 compliant encryption implementationsFamiliarity with NIST SP 800-57 (cryptographic key management) and NIST SP 800-88 (media sanitization)Experience with IEEE 802.1x network access controlExperience maintaining Software Bills of Materials (SBOM) and application allowlisting technologiesKnowledge of incident response procedures, including breach notification requirementsFamiliarity with cloud infrastructure security and data residency requirementsStrong written and verbal communication skills; ability to produce audit-ready documentation and compliance reportsExperience supporting state or federal government IT systems or election infrastructureKnowledge of Oregon Consumer Information Protection Act (OCIPA) (ORS 646A.600–646A.628) and Oregon Statewide Information Security StandardsFamiliarity with Oregon Executive Order 23-26 (AI governance requirements)Experience with Peraton Cloud Seed or similar government cloud environmentsRelevant certifications: CISSP, CISM, CEH, CompTIA Security+, AWS/Azure Security Specialty, or equivalentExperience with geographically dispersed hosting and disaster recovery in government environmentsBenefitsDepending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.Remote work allowed 100%Company OverviewPeraton Fearlessly solving the toughest national security challenges. It was founded in 1992, and is headquartered in Woodbridge, New Jersey, USA, with a workforce of 10001+ employees. Its website is https://www.peraton.com/.