Security Engineer

Job Family:

Travel Required:

Clearance Required:

What You Will Do:

Guidehouse is seeking a Security Engineer to join our team. In this role, you will ensure advanced AI-driven platforms meet stringent federal security and compliance requirements, including FedRAMP High, RMF, and NIST standards. Acting as a key liaison between engineering teams and security stakeholders, you will drive risk identification and remediation, support accreditation activities, and deliver secure, resilient solutions that enable trusted decision-making in support of national security objectives.

• Serves as a core security engineer ensuring the adjudication AI platform meets applicable federal requirements including FedRAMP High, RMF, NIST 800-53, CJIS, and FBI ATO standards.

• Collaborates with cloud, DevOps, backend, and AI/ML teams to embed secure architecture patterns, validate control implementation, and maintain continuous monitoring readiness across all platform components.

• Develops RMF documentation, supports POA&M management, conducts vulnerability assessments, ensures secure baseline configurations, and supports accreditation activities.

• Acts as the liaison between engineering teams and ISSO/security stakeholders, ensuring risks are identified, tracked, and remediated efficiently.

Security Engineering & Control Implementation

• Implement NIST 800-53 and FedRAMP High controls across access management, encryption, monitoring, boundary protection, configuration management, and secure data lifecycle workflows.

• Validate secure configuration of AWS GovCloud services, EKS clusters, container runtimes, VPC boundaries, IAM policies, and workload identities.

• Ensure backend APIs, vector stores, retrieval services, LLM inference gateways, scoring engines, and memo-generation modules follow compliant security standards.

• Embed secure coding, least-privilege access enforcement, input validation, and hardened model-serving workflows across all development teams.

RMF, ATO Support & Compliance Documentation

• Develop and maintain SSPs, CIS statements, boundary diagrams, data-flow diagrams, and continuous monitoring documentation for ATO readiness.

• Assist with creation, tracking, and remediation of POA&M items, ensuring timely closure of vulnerabilities and deficiencies.

• Prepare system artifacts for assessments, security testing, authorization reviews, and continuous monitoring updates.

• Support mapping of AI/ML-specific risks—model outputs, retrieval pathways, data provenance—to RMF controls and ATO expectations.

Vulnerability Management & Continuous Monitoring

• Conduct vulnerability scans (Inspector, ECR scanning, Nessus/Qualys), analyze results, and coordinate remediation with engineering teams.

• Support patching workflows, baseline enforcement, configuration drift detection, and container/OS hardening processes.

• Validate CloudTrail, CloudWatch, GuardDuty, Config Rules, and other logging/monitoring systems for compliance with AU, SI, RA, and CM control families.

• Develop dashboards and reporting for CA-7, RA-5, CM-6, AU-x, and other continuous monitoring requirements.

Secure Development, CI/CD & DevSecOps Alignment

• Integrate SAST, SCA, IaC scanning, container scanning, and dependency verification into DevSecOps workflows.

• Validate Terraform/CloudFormation templates for alignment with encryption, identity, and GovCloud boundary restrictions.

• Review API design, authentication flows, model inference endpoints, and data-ingestion pipelines for security gaps or policy violations.

• Support hardening of LLM workflows, retrieval processes, and document-ingestion operations.

Mission Support & Collaboration

• Work with backend, cloud, AI/ML, and data engineering teams to translate controls into engineering requirements aligned with adjudication workflows.

• Provide teams with security requirements, engineering checklists, and compliance guidance to accelerate delivery while maintaining security posture.

• Collaborate with adjudicators, mission SMEs, and operations teams to ensure evidence tracking, audit logging, and data-handling workflows support mission needs.

What You Will Need:

• Bachelor’s degree or additional four years of experience in lieu of degree.

• 5+ years of cybersecurity engineering experience, including 3+ years supporting RMF, FedRAMP, CJIS, or ATO systems.

• Knowledge of NIST 800-53 controls, FedRAMP High requirements, AWS GovCloud security patterns, IAM, encryption (KMS/TLS), logging pipelines, and vulnerability scanning tools.

• Experience writing ATO documentation, control statements, risk assessments, and boundary artifacts.

• Strong communication skills supporting collaboration with engineers and mission stakeholders.

• Must be US Citizen.

• Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.

What Would Be Nice To Have:

• CISSP, CCSP, Security+, or AWS Security Specialty certifications.

• Experience securing AI/ML platforms, LLM inference pipelines, retrieval systems, or sensitive-data workloads.

• Familiarity with adjudication, continuous vetting, or personnel security workflows.

• Experience with zero-trust architectures, air-gapped deployments, or SCIF-compatible systems.

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

• Medical, Rx, Dental & Vision Insurance

• Personal and Family Sick Time & Company Paid Holidays

• Parental Leave

• 401(k) Retirement Plan

• Group Term Life and Travel Assistance

• Voluntary Life and AD&D Insurance

• Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts

• Transit and Parking Commuter Benefits

• Short-Term & Long-Term Disability

• Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities

• Employee Referral Program

• Corporate Sponsored Events & Community Outreach

• Care.com annual membership

• Employee Assistance Program

• Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)

• Position may be eligible for a discretionary variable incentive bonus

About Guidehouse

Guidehouse is an Equal Opportunity Employer–Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @guidehouse.com or guidehouse@myworkday.com. Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse, please report the matter to Guidehouse’s Ethics Hotline. If you want to check the validity of correspondence you have received, please contact recruiting@guidehouse.com. Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicant’s dealings with unauthorized third parties.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.