[Remote] Security Engineer

Note: The job is a remote job and is open to candidates in USA. Peraton is a next-generation national security company that drives missions of consequence. They are seeking an experienced Security Engineer to support the security, compliance, and maintenance of a large-scale, web-based government application, ensuring a comprehensive security posture aligned with regulatory requirements.

Responsibilities

• Design, implement, and maintain security controls in accordance with NIST SP 800-53 (Moderate) across all system components
• Deploy, configure, and maintain a Web Application Firewall (WAF) and enforce OWASP Top 10 validation throughout the software development lifecycle
• Implement and manage TLS 1.2/1.3 encryption for data in transit and 256-bit AES (FIPS 140-2/140-3 compliant) encryption for data at rest
• Conduct and coordinate SAST, DAST, and Software Composition Analysis (SCA) as part of the secure development lifecycle
• Maintain a Software Bill of Materials (SBOM) for all applications and manage application allowlisting to prevent unauthorized software execution
• Implement and manage IEEE 802.1x certificate-based network access control
• Develop, maintain, and continuously update the Security Risk Management Plan
• Manage real-time, automated hardware and software asset inventory tracking
• Coordinate and support annual independent security audits (NIST SP 800-53 Moderate or SOC 2 Type II); deliver SOC 2 Type II reports
• Monitor system security logs and provide on-demand access to designated agency personnel
• Lead incident response activities; deliver breach/incident notifications to the Agency within 24 hours of discovery
• Ensure all Agency Data remains within the United States or its territories at all times — no overseas access, transmission, storage, or backup permitted
• Manage cryptographic key lifecycle in accordance with NIST SP 800-57
• Perform data sanitization and media destruction per NIST SP 800-88 (Rev. 1)
• Classify and protect all Agency Data per applicable Oregon Information Asset Classification policies
• Generate User Access Reports and Data Sanitization Certifications upon agency request
• Provide prior notification to the Agency before responding to any third-party or law enforcement requests for Agency Data
• Ensure all personnel complete periodic privacy and security training per NIST SP 800-53 AT family controls
• Support disaster recovery planning and geographically dispersed hosting operations within Oregon

Skills

• Bachelors degree and 5 years of experience or an Associates degree and 7 years of experience or a High School diploma and 9 years of experience
• Must be a U.S. Citizen or Green Card holder
• Must be able to pass an FBI NCIC fingerprint-based background check
• Must reside in the Oregon/Washington area
• 5+ years of experience in information security engineering, cybersecurity, or a related discipline
• Demonstrated experience implementing NIST SP 800-53 (Moderate) security controls in a production environment
• Hands-on experience with SOC 2 Type II audit processes and remediation
• Proficiency with OWASP Top 10 vulnerability identification and remediation
• Experience deploying and managing Web Application Firewalls (WAF)
• Working knowledge of SAST, DAST, and SCA tools and integration into CI/CD pipelines
• Experience with TLS 1.2/1.3, AES-256, and FIPS 140-2/140-3 compliant encryption implementations
• Familiarity with NIST SP 800-57 (cryptographic key management) and NIST SP 800-88 (media sanitization)
• Experience with IEEE 802.1x network access control
• Experience maintaining Software Bills of Materials (SBOM) and application allowlisting technologies
• Knowledge of incident response procedures, including breach notification requirements
• Familiarity with cloud infrastructure security and data residency requirements
• Strong written and verbal communication skills; ability to produce audit-ready documentation and compliance reports
• Experience supporting state or federal government IT systems or election infrastructure
• Knowledge of Oregon Consumer Information Protection Act (OCIPA) (ORS 646A.600–646A.628) and Oregon Statewide Information Security Standards
• Familiarity with Oregon Executive Order 23-26 (AI governance requirements)
• Experience with Peraton Cloud Seed or similar government cloud environments
• Relevant certifications: CISSP, CISM, CEH, CompTIA Security+, AWS/Azure Security Specialty, or equivalent
• Experience with geographically dispersed hosting and disaster recovery in government environments

Benefits

• Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.
• Remote work allowed 100%

Company Overview