Position Title:⯠Information Security Engineer
Location: Herndon, Virginia- Hybrid (in office 3x/week)
Position Overview: This senior-level positionâ¯Information Security Engineer will serve as a member of the Exostar Information Security Office and will report to the Manager of Governance & Engineering. This role is designed for a hands-on security engineer with deep technical and architectural experience who can translate that expertise into effective engineering, audit, policy, and compliance outcomes. The individual will be expected to independently assess risk, design and evaluate secure architectures, implement and validate technical security controls, and clearly articulate how those controls satisfy regulatory and audit requirements. The ideal candidate brings strong engineering credibility across infrastructure, cloud, and identity-related systems, and is equally effective working with customers, auditors, and technical stakeholders. This role requires comfort operating in high-visibility audit and customer-facing contexts, exercising technical expertise, and driving issues to closure.Responsibilities: Your day if you join us:Security Architecture & Engineering Assess, design, and provide guidance on secure architectures for onpremise and cloud environments, including identity, access, network, and platform services. Engage directly with infrastructure, platform, and development teams to translate security requirements into implementable technical designs and controls. Provide hands-on engineering support for the implementation, validation, and remediation of technical security controls. Perform threat modeling and security risk assessments and coordinate actionable mitigation strategies. Audit, Compliance & Governance Provide engineering support for controls aligned to frameworks such as CMMC L2, FedRAMP Moderate, ISO/IEC 27001, IAM, SOC 2, etc. Write and maintain technical control descriptions based on current architecture and operational practices. Support and lead internal and external audits and assessments, including direct interaction with auditors and customers. Translate technical implementations into clear, accurate, and defensible audit evidence. Create, review, and update information security policies, standards, procedures, and guidelines to reflect actual system architecture and operations. Risk Management & Continuous Improvement Identify, assess, and communicate security risks to technical and non-technical stakeholders. Track remediation efforts and drive issues to closure across multiple teams. Evaluate emerging technologies, regulatory changes, and industry trends to assess potential impact to Exostar’s security posture. Identity Access Management Security Provide subject matter expertise for Identity and Access Management (IAM) and Public Key Infrastructure (PKI) systems. Support auditing and compliance of PKI, identity federation, and authentication services. Collaborate on governance documentation related to identity, trusted roles, and access control programs.
Qualifications: You are a great fit for this role if you: Required:
7+ years of demonstrated IT Security engineering experience providing guidance to technical teams 5+ years of demonstrated experience performing threat modeling and security risk assessments. 5+ years of demonstrated network engineering and administration experience 5+ years of demonstrated experience designing and implementing security controls in onpremise and cloud environments. Strong experience with secure SDLC practices in Agile and DevSecOps environments. Demonstrated experience authoring SSPs, POA&Ms, and technical audit documentation. Significant experience working with ISO/IEC 27001/27002, NIST SP 800171, and NIST SP 80053. Experience supporting and participating in audits and assessments (e.g., SOC 2, ISO 27001, Cyber Essentials). Strong written and verbal communication skills with the ability to explain technical concepts to auditors, leadership, and business stakeholders. Significant experience working in Jira and Confluence. Ability to pass background investigation to attain and maintain Trusted Role access to company systems. Technical Experience / Familiarity: Core network services (HTTP, SMTP, DNS) and supporting server technologies. Encryption technologies (IPSec, SSL/TLS). Network security controls (firewalls, proxies, NAC, phishing prevention, etc.). SIEM and logging architectures; familiarity with FIM technologies. Windows Active Directory and domain services.Due to customer requirements, U.S. Citizenship is required.
Ability to gain and maintain Trusted Role is required
Preferred Qualifications:You are exactly who we are looking for if you:• CMMC CCA or CCP • FedRAMP auditor / implementer • CISSP and other similar technical certifications • Experience with Governance, Risk, and Compliance tools • Cloud computing and architecture • Windows Domains and Active Directory • End-point Protections (HIPS/HIDS) • Web Application Programming (Java and related technologies) • Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, scalable architectures. • Secure development frameworks (e.g. OWASP SAMM, Microsoft Security Development Lifecycle, IBM Secure Engineering Framework, etc.) • Public Key Infrastructure (PKI) • Identity Federation Technologies (SAML, etc.) • Business Continuity and Disaster Recovery planning • SharePoint • Data Loss Prevention (DLP) • Data Labeling and Information Rights Management • S/MIME-based Secure Email • Windows Domains and Active Directory • Identity Access Management (IAM)
Education:• Bachelor’s or master’s degree from an accredited university in IT related discipline Exostar- The Company: Exostar’s cloud-based platforms create exclusive communities within the Aerospace and Defense, Life Sciences, and other highly regulated industries where members securely collaborate, share information, and operate compliantly. Within these communities we build trust. By analyzing community data, we provide insights and intelligence, enabling organizations to make better, timelier decisions, to mitigate risk, and operate more efficiently. • We believe in employee development: we promote internally and provide training and educational assistance • We provide a fun, engaged workplace, with social and community-building events • We offer comprehensive benefits and flexible time off plans Exostar is an Equal Opportunity Employment Employer. The company provides equal employment opportunities to all applicants without regard to race, color, religion, sex, national origin, age, marital status, disability status or genetic information. Exostar is committed to providing equal employment opportunities for all persons in all facets of employment including recruiting, hiring, compensation, promotion, training, benefits, transfers and working conditions.
