Cca Coder Jobs in Washington (NOW HIRING)

Position Title: Information Security Engineer
Location: Herndon, Virginia - Hybrid (in office 3x/week)
Position Overview:
This senior-level Information Security Engineer will serve as a member of the Exostar Information Security Office and report to the Manager of Governance & Engineering. This role is designed for a hands-on security engineer with strong architecture and implementation experience who can partner directly with infrastructure, platform, and product teams to design and build secure systems.
The primary focus of this role is security architecture, control design, and engineering enablement across cloud and on-premise environments. The ideal candidate is comfortable working in complex technical environments, translating security requirements into practical implementations, and validating that controls are operating effectively. While this role will support audit and compliance activities, its core function is to ensure systems are secure by design and continuously verifiable, rather than relying on manual audit processes.
Responsibilities: Your day if you join us:

• Security Architecture & Engineering
  
  • Design and evaluate secure architectures across cloud and on-premise environments, including identity, access, network, and platform services.
  • Partner with infrastructure, DevOps, and application teams to embed security into system design and delivery pipelines.
  • Translate security requirements into enforceable technical controls.
  • Provide hands-on support for implementation and validation of security controls.
  • Perform threat modeling and technical risk assessments for new and existing systems.
  
  DevSecOps, Automation & Control Enforcement
  
  • Integrate security controls into CI/CD pipelines and infrastructure-as-code workflows.
  • Partner with engineering teams to ensure secure deployment patterns are practical and scalable.
  • Support secure implementation of identity federation, privileged access, and authentication services.
  • Enable continuous validation of security controls, including configuration drift detection and policy enforcement.
  • Reduce reliance on manual review by designing automated control validation and monitoring mechanisms.
  
  Audit & Compliance Support
  
  • Support internal and external audits (e.g., ISO 27001, SOC 2, Cyber Essentials, Kantara, FPKI, FedRAMP, CMMC) by translating technical implementations into defensible evidence.
  • Contribute to the development of technical control narratives aligned with system architecture.
  • Implement and validate controls and remediation of findings across engineering teams.
  Drive in audit readiness activities, with a focus on engineering-driven evidence and automation rather than manual collection.

Qualifications:
You are a great fit for this role if you:

• 7+ years of demonstrated IT Security engineering experience providing guidance to technical teams
• 5+ years of demonstrated experience performing threat modeling and security risk assessments.
• 5+ years of demonstrated network engineering and administration experience
• 5+ years of demonstrated experience designing and implementing security controls in on-premise and cloud environments.
• Strong experience with secure SDLC practices in Agile and DevSecOps environments.
• Demonstrated experience authoring SSPs, POA&Ms, and technical audit documentation.
• Significant experience working with ISO/IEC 27001/27002, NIST SP 800-171, and NIST SP 800-53.
• Experience supporting and participating in audits and assessments (e.g., SOC 2, ISO 27001, Cyber Essentials).
• Strong written and verbal communication skills with the ability to explain technical concepts to auditors, leadership, and business stakeholders.
• Significant experience working in Jira and Confluence.
• Ability to pass background investigation to attain and maintain Trusted Role access to company systems.

Technical Experience / Familiarity:

• Core network services (HTTP, SMTP, DNS) and supporting server technologies.
• Encryption technologies (IPSec, SSL/TLS).
• Network security controls (firewalls, proxies, NAC, phishing prevention, etc.).
• SIEM and logging architectures; familiarity with FIM technologies.
• Windows Active Directory and domain services.
• U.S. Citizens only
• Due to customer requirements, U.S. Citizenship is required. Ability to gain and maintain Trusted Role is required

Preferred Qualifications:
You are exactly who we are looking for if you

• Experience designing, building, or integrating security automation and control validation solutions
• CMMC CCA or CCP certification
• Experience as a FedRAMP auditor and/or implementer
• CISSP or other comparable advanced technical security certifications
• Hands-on experience with Governance, Risk, and Compliance (GRC) tools
• Strong knowledge of cloud computing environments and architectures
• Experience administering Windows Domains and Active Directory
• Familiarity with endpoint protection technologies, including HIPS/HIDS
• Experience with web application development, including Java and related technologies
• Demonstrated ability to design multi-tier, highly available, scalable, and multi-threaded systems
• Knowledge of secure development frameworks (e.g., OWASP SAMM, Microsoft Security Development Lifecycle, IBM Secure Engineering Framework)
• Experience with Public Key Infrastructure (PKI) and identity federation technologies (e.g., SAML)
• Understanding of Identity and Access Management (IAM) principles and solutions
• Experience with business continuity and disaster recovery (BC/DR) planning
• Familiarity with data protection technologies, including Data Loss Prevention (DLP), data labeling, and Information Rights Management (IRM)
• Experience implementing S/MIME-based secure email solutions
• Familiarity with SharePoint security and administration

Education:

• Bachelor's or master's degree from an accredited university in IT related discipline

Exostar - The Company:
Exostar's cloud-based platforms create exclusive communities within the Aerospace and Defense, Life Sciences, and other highly regulated industries where members securely collaborate, share information, and operate compliantly. Within these communities we build trust. By analyzing community data, we provide insights and intelligence, enabling organizations to make better, timelier decisions, to mitigate risk, and operate more efficiently.
• We believe in employee development: we promote internally and provide training and educational assistance
• We provide a fun, engaged workplace, with social and community-building events
• We offer comprehensive benefits and flexible time off plans
Exostar is an Equal Opportunity Employment Employer. The company provides equal employment opportunities to all applicants without regard to race, color, religion, sex, national origin, age, marital status, disability status or genetic information. Exostar is committed to providing equal employment opportunities for all persons in all facets of employment including recruiting, hiring, compensation, promotion, training, benefits, transfers and working conditions.
Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.