Lead Security Engineer

  • FileImport - Bart & Associates, LLC
  • District Heights, Maryland
  • Full Time

Description

At B&A, we foster and embrace a distinct set of values that we live by and instill in all aspects of our organization: dedication, commitment, partnership, trust, and recognition. We have incorporated these values into successful delivery for our customers since 1988. B&A believes in ensuring its employees feel deeply connected to B&A, recognizing successes and hard work, and providing continuous opportunities to learn and grow. Our people are entrepreneurial thinkers that combine mindset, vision, and experience to drive value - not only to us as an organization, but to the clients we support. We promote a collaborative culture with our clients, and with each other, as one team working towards a common vision. We'd love for you to join our team!

Job Summary

We are seeking a Subject Matter Expert (SME)-level Lead Security Engineer to lead application security across a large-scale, cloud-native federal modernization program supporting the U.S. Census Bureau's Decennial Transformation and Application Modernization (DTAM) effort. This role provides technical and management leadership on major security tasks, embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOps methodology. The ideal candidate will architect and enforce Zero Trust principles, drive Authorization to Operate (ATO) activities, and direct application security testing, threat modeling, and vulnerability remediation across a System of Systems (SoS). This position interfaces with senior Government stakeholders and the Office of Information Security (OIS), and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.

Responsibilities

  • Lead the design and implementation of application security solutions, frameworks, and processes across all phases of the SDLC, in compliance with U.S. Census Bureau (USCB) and Office of Information Security (OIS) policies
  • Implement Zero Trust (ZT) principles for applications, workloads, and data, aligned with EO 14028, OMB M-22-09, and NIST SP 800-207 (Zero Trust Architecture)
  • Integrate security into DevSecOps CI/CD pipelines, establishing security gates, automated code inspection, and supply-chain controls including Software Bill of Materials (SBOM) generation
  • Direct Static and Dynamic Application Security Testing (SAST/DAST), vulnerability assessments, and penetration testing to identify, triage, and remediate security weaknesses
  • Lead threat modeling exercises to analyze application architecture, identify attack vectors, and document mitigation strategies throughout design, development, testing, and deployment
  • Support the Authorization to Operate (ATO) process, including security control assessment, artifact and evidence collection, Privacy Threshold Analysis/Privacy Impact Assessment support, and Plan of Action and Milestones (POA&M) management
  • Implement security controls in accordance with the NIST Cybersecurity Framework and NIST SP 800-53, and remediate identified vulnerability and compliance findings
  • Design and implement secure architecture patterns - secure API design, ...

For full information, follow the application link.

B&A provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. B&A complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy covers conduct occurring at B&A's offices, and other workplaces (including client sites) and all other locations where B&A is providing services, and to all work-related activities.
Job ID: 522897655
Originally Posted on: 5/29/2026
