Security Readiness Architect (GRC SME)

We are looking for a Security Readiness Architect to design and guide secure system architectures that can achieve and sustain federal cybersecurity authorization. This role focuses on translating complex regulatory frameworks into practical architecture patterns that enable platforms and applications to meet the rigorous expectations of federal security programs.

You will operate at the intersection of security architecture, DevSecOps, and Governance, Risk, and Compliance (GRC)-ensuring systems are architected for authorization success while also guiding the documentation, risk management, and programmatic processes required to achieve and maintain compliance.

This role is ideal for an experienced security architect or senior federal cybersecurity professional who understands both federal authorization frameworks and modern cloud/software architectures, and who can bridge engineering teams, security governance functions, and government stakeholders.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

Architect systems to support authorization under FedRAMP, DoD RMF, CMMC, and related federal cybersecurity frameworks
• Translate requirements from NIST SP 800-53, NIST SP 800-171/172, and DoD security guidance into concrete architecture patterns and engineering implementation strategies
• Define secure reference architectures across identity, network segmentation, platform security, data protection, logging, monitoring, and system boundary design
• Work directly with engineering and DevSecOps teams to embed security controls into platform architecture, CI/CD pipelines, and operational workflows
• Conduct security architecture and design reviews for applications, platforms, and infrastructure supporting federal missions
• Guide teams in structuring systems for authorization efficiency, including control inheritance strategies, system boundary definitions, and shared service architectures
• Lead or support GRC program activities including control implementation planning, risk assessments, and authorization readiness
• Support development of authorization artifacts including System Security Plans (SSPs), control narratives, architecture documentation, and POA&Ms
• Provide expertise on DoD Cloud Computing environments (IL4/5/6), National Security Systems (NSS), and environments handling CUI and National Security Information
• Conduct DISA STIG analysis and secure configuration reviews for operating systems, platforms, and infrastructure
• Collaborate with DevSecOps teams to implement automated compliance validation, continuous monitoring, and security telemetry
• Provide architecture guidance and security readiness briefings to engineering teams, leadership, and government stakeholders
• Monitor evolving federal cybersecurity policy and translate emerging requirements into architecture and GRC program guidance

• Ability to attain and maintain a US Secret clearance
• Active CISSP, CISM, GSLC, C|CISO, or comparable senior cybersecurity certification
• 10+ years of experience in federal cybersecurity supporting system security engineering, security architecture, or GRC programs aligned with NIST SP 800-53 and the NIST Risk Management Framework
• Experience supporting systems pursuing FedRAMP, DoD RMF, or CMMC authorization
• Experience implementing and managing security control programs and compliance activities including SSP development, POA&M management, and authorization readiness
• Strong understanding of modern cloud architectures (AWS, Azure, or similar), hybrid infrastructure, and containerized platforms
• Experience translating compliance frameworks into technical implementation guidance for engineering teams
• Experience performing risk assessments related to architecture changes, vulnerabilities, new systems, and data governance
• Strong communication skills and the ability to bridge security, engineering, and government stakeholders

Preferred Qualifications

• Experience supporting DoD Cloud Computing SRG environments (IL4/5/6)
• Experience working with National Security Systems (NSS) or classified-adjacent architectures
• Familiarity with DevSecOps platforms and compliance automation approaches
• Experience using GRC platforms to manage controls, artifacts, and continuous monitoring
• Experience participating in Architecture Review Boards (ARB), Change Advisory Boards (CAB), or security design reviews
• Experience supporting environments that process or store Controlled Unclassified Information (CUI)
• Experience working in federal consulting, defense, intelligence, or mission-focused environments
• Master's degree or bachelor's degree with equivalent experience

What Success Looks Like

• Systems are architected from the start to meet federal security requirements, avoiding costly redesigns during authorization
• Engineering teams understand how to implement security controls as part of system architecture

The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.

The target salary range for this posiiton is up to $170,000