Security Engineer (IT Specialist - Security)

About

We're looking for a Security Engineer to support implementation, assessment, authorization, and continuous monitoring of information security controls for CMS systems.

Salary

$119,630 - $172,980/year

Locations

San Francisco, CA | Woodlawn, MD | Seattle, WA (Telework eligible)

What you'll do:

• Serve as an ISSO supporting implementation and ongoing maintenance of information security controls for assigned OEDA systems
• Provide security engineering support for information systems and services operating within CMS-authorized enterprise platforms, including cloud-based and managed service environments
• Provide essential support to the Authorizing Official (AO) and AODR in making risk-based authorization decisions
• Conduct continuous monitoring activities, including security event logging, vulnerability scanning, and configuration management to ensure ongoing compliance with security requirements and ATO conditions

What we need:

• Experience implementing and supporting security controls for cloud-based information systems (AWS, Azure, GCP) in accordance with Federal security requirements
• Knowledge of NIST Risk Management Framework (RMF) to support system authorization activities, including developing SSPs, SARs, and POA&Ms
• Experience conducting security control assessments, vulnerability analyses, or compliance reviews to identify risks and recommend remediation actions
• Background supporting continuous monitoring activities, tracking POA&Ms, reviewing vulnerability scanning results, and coordinating with system owners and technical teams

IT Competencies required:

• Attention to Detail
• Customer Service
• Oral Communication
• Problem-Solving

Other Requirements

• Position: GS-2210-13
• Note: Required to obtain and maintain COR/COTR certification.

Resume required (2 page limit). Apply through USAJOBS by April 17, 2026.