Security Engineer

Peraton is seeking an experienced Security Engineer to support the security, compliance, and maintenance of a large-scale, web-based government application. In this role, you will be responsible for implementing and sustaining a comprehensive security posture aligned with NIST SP 800-53 (Moderate), SOC 2 Type II, OWASP Top 10, and applicable state and federal regulatory requirements. You will work closely with program teams, agency stakeholders, and independent auditors to ensure continuous compliance, rapid incident response, and robust data protection across all environments.

Location: This position will be remote but preferred to have a candidate from Oregon/Washington area.

Day to Day Roles and Responsibilities:

Design, implement, and maintain security controls in accordance with NIST SP 800-53 (Moderate) across all system components
• Deploy, configure, and maintain a Web Application Firewall (WAF) and enforce OWASP Top 10 validation throughout the software development lifecycle
• Implement and manage TLS 1.2/1.3 encryption for data in transit and 256-bit AES (FIPS 140-2/140-3 compliant) encryption for data at rest
• Conduct and coordinate SAST, DAST, and Software Composition Analysis (SCA) as part of the secure development lifecycle
• Maintain a Software Bill of Materials (SBOM) for all applications and manage application allowlisting to prevent unauthorized software execution
• Implement and manage IEEE 802.1x certificate-based network access control
• Develop, maintain, and continuously update the Security Risk Management Plan
• Manage real-time, automated hardware and software asset inventory tracking
• Coordinate and support annual independent security audits (NIST SP 800-53 Moderate or SOC 2 Type II); deliver SOC 2 Type II reports.
• Monitor system security logs and provide on-demand access to designated agency personnel
• Lead incident response activities; deliver breach/incident notifications to the Agency within 24 hours of discovery
• Ensure all Agency Data remains within the United States or its territories at all times - no overseas access, transmission, storage, or backup permitted
• Manage cryptographic key lifecycle in accordance with NIST SP 800-57
• Perform data sanitization and media destruction per NIST SP 800-88 (Rev. 1)
• Classify and protect all Agency Data per applicable Oregon Information Asset Classification policies
• Generate User Access Reports and Data Sanitization Certifications upon agency request
• Provide prior notification to the Agency before responding to any third-party or law enforcement requests for Agency Data
• Ensure all personnel complete periodic privacy and security training per NIST SP 800-53 AT family controls
• Support disaster recovery planning and geographically dispersed hosting operations within Oregon

Basic Qualifications:

• Bachelors degree and 5 years of experience or an Associates degree and 7 years of experience or a High School diploma and 9 years of experience.
• Must be a U.S. Citizen or Green Card holder.
• Must be able to pass an FBI NCIC fingerprint-based background check
• 5+ years of experience in information security engineering, cybersecurity, or a related discipline
• Demonstrated experience implementing NIST SP 800-53 (Moderate) security controls in a production environment
• Hands-on experience with SOC 2 Type II audit processes and remediation
• Proficiency with OWASP Top 10 vulnerability identification and remediation
• Experience deploying and managing Web Application Firewalls (WAF)
• Working knowledge of SAST, DAST, and SCA tools and integration into CI/CD pipelines
• Experience with TLS 1.2/1.3, AES-256, and FIPS 140-2/140-3 compliant encryption implementations
• Familiarity with NIST SP 800-57 (cryptographic key management) and NIST SP 800-88 (media sanitization)
• Experience with IEEE 802.1x network access control
• Experience maintaining Software Bills of Materials (SBOM) and application allowlisting technologies
• Knowledge of incident response procedures, including breach notification requirements
• Familiarity with cloud infrastructure security and data residency requirements
• Strong written and verbal communication skills; ability to produce audit-ready documentation and compliance reports

Preferred Qualifications:

• Experience supporting state or federal government IT systems or election infrastructure
• Knowledge of Oregon Consumer Information Protection Act (OCIPA) (ORS 646A.600-646A.628) and Oregon Statewide Information Security Standards
• Familiarity with Oregon Executive Order 23-26 (AI governance requirements)
• Experience with Peraton Cloud Seed or similar government cloud environments
• Relevant certifications: CISSP, CISM, CEH, CompTIA Security+, AWS/Azure Security Specialty, or equivalent
• Experience with geographically dispersed hosting and disaster recovery in government environments
• Reside in the Oregon/Washington area

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.