Senior Cyber Security Engineer / Mission Risk & Boundary Architect

Defense Engineering Inc. (DEi) is seeking a Senior Cyber Security Engineer / Mission Risk & Boundary Architect to serve as our technical lead for the Defense Threat Reduction Agency (DTRA) Cross Domain Support Element (CDSE) located at Fort Belvoir, VA. The ideal candidate will operate as a high-level technical advisor and intermediary, balancing structured cross-domain onboarding governance with dynamic, out-of-the-box risk engineering.

Rather than executing raw system configuration, this role acts as the principal gatekeeper and QA authority—evaluating complex customer requirements, conducting architectural document reviews for automated Cloud/Enterprise data pipelines, and engineering creative, defensible risk mitigation strategies for non-standard, emerging technologies across DTRA’s enclaves.

• Location: Fort Belvoir, VA (Onsite)
• Clearance: Active Top Secret / SCI Eligible (U.S. Citizenship Required)
• Schedule: Full-Time Day Job (Minimal after-hours work)
• Salary: Negotiable + Full DEi Benefits Package
• Years of Experience: 10+
• Education: BS in Cybersecurity, Computer Science, or Systems Engineering
• Potential for Teleworking: No
• Required Certifications (Baseline): Active DoD 8140/8570 IAT Level III (CISSP, CASP+ CE, CISA, or GCED)

Key Responsibilities

• Architectural & Enterprise CDS Gatekeeping: Serve as the principal technical reviewer for DTRA organizations onboarding onto pre-accredited Enterprise CDS (ECDS) and Raise the Bar (RTB) compliant Cloud CDS providers (e.g., AWS/Azure CDS). Evaluate customer design artifacts to ensure data pipelines “hit the mark” before board submission.
• Dynamic Ad-Hoc Technology Evaluation: Act as the primary advisor for evaluating non-standard, emerging technologies (e.g., virtual reality training platforms, mobile medical devices, standalone scanning configurations) against rigid DoD guidelines. Systematically dissect hardware/software interfaces to isolate threat vectors and design creative compensating controls.
• Mission Enablement Risk Engineering: Apply a comprehensive risk tradecraft equation—balancing Threat, Vulnerability, Policy, Mitigation, and Residual Risk. Confidently recommend alternative paths to “yes” for senior leadership, including structured Risk Acceptance Memorandums (RAM), Exceptions to Policy (ETP), or transferring risk entirely via reasonable accommodation (e.g., telework routing).
• Board Representation & Intermediary Advocacy: Act as the formal technical advocate and bridge between DTRA development teams, external cloud providers (AWS/DISA), and formal authorizing panels. Represent the CDSE at Cross Domain Technical Advisory Board meetings to defend risk profiles and secure Approvals to Connect (ATC).
• Documentation Quality Assurance: Review, edit, and validate customer-authored Cross Domain packages to guarantee strict compliance with NSA “Raise the Bar” (RTB) standards before formal registry submission into the Sponsor Guidance System (SGS).

Basic Qualifications

• Clearance: Active DoD Top Secret with the ability to obtain and maintain SCI access.
• Baseline Certification: Active IAT Level III credential (CISSP preferred).
• Experience Lifespans: 10+ years of overall IT Security/Systems Engineering experience, with a minimum of 5 years explicitly dedicated to network secure boundaries, network segmentation, enclave isolation, or cloud access security.
• Process Knowledge: Minimum of 2 years of active experience navigating formal DoD connection pipelines (e.g., DSAWG via the Sponsor Guidance System, or corresponding Service-level authorizing tracks). Must speak fluent “DISA/Title 10” governance.
• Boundary Analysis Reflexes: Proven conceptual understanding of network traffic enforcement, data-diode behaviors, DMZ architecture, Next-Gen Firewalls (NGFW), or Cloud Access Points (CAP). Ability to read data flow diagrams and spot boundary flaws.
• Risk Management Tradecraft: Proven experience authoring custom waivers, STIG tailoring, or Risk Acceptance Memorandums for complex, non-compliant, or mission-critical hardware/software baselines.
• Communication: Exceptional verbal and written communication skills, with proven experience presenting complex risk profiles, technical trade-offs, and out-of-the-box mitigations directly to senior government leadership (GS-15/O-6 level).

Desired Qualifications

• Direct experience contrasting the technical and bureaucratic differences between IC-siloed cloud environments (Title 50) and DoD-approved Cloud Access Point (CAP) architectures (Title 10).
• Familiarity with Information, Communication, Technology (ICT) Supply Chain Risk Management (SCRM) protocols.