
Application Security Control Validation Engineer

Parsons

Baltimore · flexible · Full-time · Senior · $125k – $225k/yr · Yesterday

About the role

About Parsons

Parsons invites you to imagine a career where you can thrive, work with exceptional people, and be yourself. Guided by a leadership vision of valuing people, embracing agility, and fostering growth, the company cultivates an innovative culture that empowers employees to achieve their full potential. The Federal Solutions segment delivers resources to U.S. government customers, supporting missions worldwide in defense, security, intelligence, infrastructure, and environmental areas.

Role Overview

Parsons is looking for an amazingly talented Application Security Control Validation Engineer to join the Federal Solutions team. In this role you will lead security control assessments for containerized applications, Kubernetes clusters, and multi‑cloud architectures against CIS benchmarks, zero‑trust pipelines, and enterprise guardrails.

Responsibilities

  • Lead security control assessments for containerized applications.
  • Create assessment mapping of technical evidence to RMF/NIST SP 800‑53 controls and maintain key authorization artifacts, including SSPs, SARs, and POA&Ms.
  • Possess a strong understanding of NIST SP 800‑37, NIST SP 800‑53, and CNSSI 1253 to support system authorization activities and ensure compliance across complex environments.
  • Perform hands‑on validation using SAST, DAST, and SCA tools to analyze source code, dependencies, and IaC for vulnerabilities.
  • Apply deep knowledge of cloud security principles, including shared responsibility and control inheritance across AWS, Azure, and GCP, to design and evaluate secure architectures.
  • Bring hands‑on expertise with AWS, Azure, GCP, container runtimes such as Podman, and Kubernetes platforms (EKS, AKS, GKE), with proficiency in RBAC, network policies, pod security, secrets management, and supply‑chain security frameworks such as SLSA and Sigstore.
  • Provide expert guidance on secure design and threat modeling while driving the full vulnerability management lifecycle from triage and risk analysis through remediation validation.
  • Identify, investigate, and escalate cybersecurity incidents using structured response methodologies that ensure timely containment, effective resolution, and adherence to reporting requirements.
  • Secure CI/CD pipelines by integrating automated security controls, artifact scanning, integrity checks, and policy‑as‑code.
  • Implement and manage security technologies, including monitoring tools, endpoint protection, IAM systems, vulnerability scanners, and threat intelligence platforms to enhance cybersecurity resilience.
  • Document and communicate technical findings, risk posture, and strategic recommendations to developers, architects, and executive government leadership.

Required Skills

  • Minimum of 12 years' experience with a bachelor's degree or 10 years' experience with a master's degree in Computer Science, Cybersecurity, Information Assurance, Information Security System Engineering, or a related discipline from an accredited college or university.
  • Active TS/SCI with Polygraph.
  • CISSP or Active DoD IAM and/or IAT Level II/III.
  • AWS Certified Solutions Architect – Associate.
  • Demonstrated domain knowledge in DevSecOps, Cloud Architecture, Cybersecurity, and Information Assurance.
  • Exceptional organizational and analytical skills with attention to detail in documentation and reporting.

Desired Skills

  • Security+.
  • SecurityX.

Security Clearance Requirement

An active Top Secret SCI with Polygraph security clearance is required for this position.

Salary Range

$125,100 – $225,200 per year.

Benefits

Parsons offers best‑in‑class benefits, including:

  • Medical, dental, and vision coverage
  • Paid time off
  • 401(k) plan
  • Life insurance
  • Flexible work schedules
  • Holidays

Parsons is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, veteran status, or any other protected status.

Skills

AWS, AWS Certified Solutions Architect Associate, Azure, CIS benchmarks, CISSP, CNSSI 1253, Container runtimes, DAST, DevSecOps, GCP, IAM, IaC, Kubernetes, NIST SP 800-37, NIST SP 800-53, Podman, RMF, SAST, SCA, Sigstore, SLSA, Zero trust
