Seeking a Cybersecurity Engineer to lead system Assess and Authorize (A&A) activities related to the sustainment of U.S. Army medical devices and systems. The Cybersecurity Engineer will execute duties supporting the Risk Management Framework (RMF) lifecycle culminating in successful Authority to Operate (ATO) decisions and continuous monitoring. Work location is client site, Fort Detrick, MD with partial teleworking permitted. This position requires an active Secret security clearance.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors—helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

• Lead the development, review and management of system Assess and Authorize documentation to ensure it is compliant with RMF standards. 
• Develop guidance and assists associates through the RMF phases.
• Perform Risk Management and testing of Federal Information System Controls Audit Manual (FISCAM) and RMF controls utilizing Committee on National Security Systems Instruction (CNSS) Instructions 1253 Security Controls Assessment Procedures pursuant to National Institute of Standards and Technology (NIST) Special Publication 800-53 to maintain the information system's security posture.
• Lead IATT and ATO activities.
• Maintain system accreditation status, develops reports, and alerts system proponents when accreditation documentation must be updated.
• Support the organization's program that implements information systems security technology and procedures, to include access control and authentication of users and transmitted information. 
• Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures (SOPs) on the security of information systems.
• Review Army and DoD policy and develop local policy and procedures that implement the Army and DoD's Cybersecurity subprograms and initiatives. 
• Review and evaluate system and network changes for cybersecurity impact and effect on confidentiality, integrity, availability and overall system security posture.
• Create and submit Plan of Actions & Milestones (POA&M) for review and approval by the Authorizing Official (AO).

• DOD Cyber Workforce (DCWF) 8140 (451) System Administrator role: A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC (conferred within 5 years or able to prove continuous relevant work experience) -OR- Personnel Certifications: Cloud+ or GICSP or SSCP or Security+ or GSEC.  If none, must be willing to obtain in first 30-days.
• 3-5 years demonstrated experience designing, implementing, and monitoring cybersecurity solutions  
• 3-5 years demonstrated RMF and eMASS experience 
• Familiarity with HBSS, Fortify, ACAS /Nessus 
• Certified Information Systems Security Professional (CISSP) (or Associate), Certified Information Security Manager (CISM), Global Information Assurance Certification Security Leadership Certificate (GSLC), Certified Chief Information Security Officer (CCISO) or equivalent DoD 8570 IAM Level III certification 
• Must possess and maintain a Secret Security Clearance

Desired Qualifications

• Core KSATs for DoD Cyber Workforce (DCWF):
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
• Knowledge of cybersecurity principles.
• Knowledge of cyber threats and vulnerabilities.
• Knowledge of specific operational impacts of cybersecurity lapses.
• Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
• Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.
• AWS cloud experience
• Azure Cloud Experience
• Bachelor's degree in a related field

Target salary range: $131,090 - $200,000

Disclaimer: 

The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.