Lead security architecture reviews and AI risk assessments for federal clients adopting SaaS, AI-enabled tools, and cloud services. Develop reusable security patterns, continuous ATO processes, and automation artifacts to accelerate authorization timelines. Requires 5+ years federal cybersecurity experience, NIST RMF expertise, and cross-functional coordination across engineering, legal, and mission teams.
Job Description
Position Overview
MILITARY FRIENDLY & PREFERRED - HOH SPONSOR
The Emerging Technology / Cybersecurity Engineer will support Zermount and our federal client in modernizing cybersecurity authorization, cloud security, security architecture review, and emerging technology assessment processes.
This is a senior, client-facing cybersecurity engineering and assessment role focused on helping the client securely adopt SaaS, AI-enabled technologies, cloud services, and other emerging capabilities. The position blends federal RMF and continuous ATO expertise, security architecture review, AI security testing, cloud compliance, control validation, and process modernization.
The successful candidate will help reduce authorization timelines by developing reusable security patterns, repeatable assessment baselines, structured test plans, and continuous ATO-ready evidence. The ideal candidate has strong experience in federal cybersecurity, RMF, ATO, cloud security, security architecture, SaaS/product assessments, vulnerability management, emerging technology risk, and AI security.
This position requires a hands-on professional who can work across cybersecurity, engineering, procurement, legal, privacy, records management, vendor, product, and mission teams to evaluate technologies, validate controls, document risk, and accelerate secure adoption.
Duties & Responsibilities
Security Architecture Review
- Conduct Security Architecture Reviews for SaaS, cloud, AI-enabled tools, non-COTS technologies, embedded AI capabilities, operating system baselines, and supporting infrastructure.
- Integrate architecture review activities with existing cybersecurity workflows, including ATO intake, security assessment, vulnerability scanning, cloud compliance, change management, and authorization decision support.
- Review system designs, data flows, identity models, access controls, logging approaches, network architecture, tenant isolation, administrative control structures, and security boundary assumptions.
- Develop security architecture patterns and reusable designs that enable faster assessments and ATO decisions by aligning solutions with federal security controls early in the lifecycle.
- Translate technical architecture findings into actionable risk statements, control recommendations, remediation plans, POA&Ms, and acceptance decision inputs.
- Perform cybersecurity assessments of commercial SaaS products, non-COTS AI products, embedded AI components, cloud-hosted services, operating system baselines, and related technologies during intake and change events.
- Evaluate AI-specific threats and vulnerabilities, including direct, indirect, and instruction-smuggling prompt injection, jailbreak susceptibility, data leakage/sensitive data exposure, model poisoning, RAG/vector database exposure, unintended model behavior, tool or agent misuse, insecure plugin use, and unsafe browsing capabilities.
- Execute structured AI and emerging technology testing, including functional and accuracy testing, adversarial testing, data exfiltration probes, red-team scenarios, control regression testing, and validation of previously accepted security controls.
- Develop structured AI test cases, adversarial prompts, expected results, pass/fail criteria, scoring rubrics, and repeatable evaluation scripts aligned to NIST AI RMF, OWASP Top 10 for LLM/GenAI, MITRE ATLAS, client security baselines, and federal ATO acceptance criteria.
- Validate logging coverage, DLP efficacy, safety controls, accuracy thresholds, telemetry availability, and technical acceptance criteria prior to production use.
- Document findings, support remediation planning, and perform retesting to verify closure of identified security gaps.
- Design and support implementation of baseline security controls, including identity integration, RBAC, DLP, logging and telemetry, SIEM integration, network segmentation, tenant isolation, and feature-level security controls.
- Develop or contribute automation artifacts such as scripts, Infrastructure as Code snippets, configuration templates, security checklists, and deployment patterns.
- Configure, test, or validate vendor systems and internal deployments against approved baseline controls and client security requirements.
- Coordinate with commercial vendors, cloud teams, platform teams, product teams, and internal engineering teams to implement, test, and validate required security controls.
- Provide recommendations to disable or restrict high-risk capabilities such as public browsing, external plugins, unmanaged connectors, excessive permissions, unapproved data access, or other features that increase mission or data risk.
- Develop repeatable test plans, assessment checklists, intake procedures, triage workflows, pilot assessment templates, production readiness criteria, and operational runbooks.
- Create scalable baseline templates for Low, Moderate, and High-risk tiers with required controls, evidence expectations, test procedures, and acceptance criteria.
- Support development of reusable security patterns for SaaS, AI-enabled applications, cloud-hosted services, operating system baselines, and emerging technology deployments.
- Deliver knowledge transfer, training, and working sessions for client staff to operate and maintain security baselines, assessment processes, and test suites.
- Support continuous improvement of cybersecurity intake, assessment, authorization, monitoring, and remediation processes.
- Engage with commercial vendors, procurement, legal, engineering, cybersecurity, privacy, records management, product, and mission teams to support technology intake, contracting, evidence collection, control validation, and remediation activities.
- Coordinate with vendor contacts and internal client stakeholders to obtain security documentation, clarify technical capabilities, validate control implementation, and resolve assessment findings.
- Provide regular status reporting, metrics, risk updates, testing results, and recommendations to support timely security acceptance and authorization decisions.
- Track assessment activities, findings, remediation actions, POA&Ms, retesting results, risk decisions, and authorization milestones through established client workflows.
- Participate in client meetings, technical working sessions, vendor discussions, security reviews, and authorization decision support activities.
- Prepare executive-level status reports, technical assessment summaries, testing reports, briefings, and recommendations to mitigate identified risks.
- Perform additional duties as required.
- Support the development and execution of cybersecurity authorization and compliance strategies designed to reduce ATO processing time and improve cloud compliance.
- Provide input into continuous ATO and continuous monitoring approaches, including evidence collection, automated control validation, risk triggers, POA&M visibility, and decision-ready reporting.
- Assist the Cybersecurity Division in designing compliance processes and systems that support continuous authorization and reduce manual processing delays.
- Plan and run controlled pilots using synthetic or de-identified data, where feasible, to validate technical, security, privacy, and operational readiness.
- Support development of roadmap recommendations, implementation priorities, metrics, and process improvements to advance secure adoption of SaaS, AI-enabled technologies, cloud services, and emerging capabilities.
Minimum Requirements:
- 5+ years of cybersecurity, security architecture, cloud security, GRC, RMF, ATO, or federal compliance experience.
- Experience supporting federal cybersecurity programs, including RMF, ATO, security assessment, continuous monitoring, vulnerability management, or cloud compliance.
- Working knowledge of the NIST Risk Management Framework, NIST Cybersecurity Framework, NIST Special Publications, FISMA, FedRAMP, and federal security control expectations.
- Experience assessing SaaS, cloud services, commercial products, emerging technologies, or enterprise systems for security and compliance risk.
- Ability to review technical architectures, data flows, identity models, access controls, logging, network segmentation, tenant isolation, and security control implementation.
- Experience developing POA&Ms, risk statements, security recommendations, assessment reports, test plans, metrics, and executive-level status updates.
- Strong written and verbal communication skills, including the ability to brief technical risks and recommendations to cybersecurity, engineering, program, and executive stakeholders.
- Ability to coordinate across vendors, engineering teams, cybersecurity teams, procurement, legal, privacy, records management, and mission stakeholders.
- Experience assessing AI-enabled technologies, machine learning platforms, generative AI tools, RAG architectures, vector databases, AI agents, or commercial AI SaaS products.
- Knowledge of AI security risks, including prompt injection, jailbreaks, model misuse, data leakage, training data exposure, adversarial testing, tool/agent misuse, and AI governance.
- Experience with continuous ATO, ongoing authorization, automated evidence collection, cybersecurity authorization modernization, or continuous monitoring.
- Experience with cloud environments such as AWS, Azure, or Google Cloud Platform.
- Experience with DevSecOps, CI/CD security, Infrastructure as Code, container security, or cloud-native security controls.
- Experience integrating security telemetry into SIEM, SOAR, GRC, vulnerability management, or continuous monitoring platforms.
- Familiarity with security tools such as Splunk, Microsoft Sentinel, QRadar, Tenable, Security Hub, Defender, Prisma Cloud, ServiceNow, or similar platforms.
- Experience with AI/LLM evaluation, red-teaming, guardrail, or model-security testing tools such as Microsoft PyRIT, NVIDIA Garak, Promptfoo, DeepEval, OpenAI Evals, Azure AI Foundry Evaluation, Amazon Bedrock Guardrails, Google Vertex AI Evaluation, Lakera Guard, HiddenLayer, Protect AI ModelScan/Guardian, or equivalent tools.
- Experience developing reusable security baselines, control templates, architecture patterns, runbooks, assessment playbooks, and technical acceptance criteria.
- Security architecture review
- AI and emerging technology risk assessment
- Cloud and SaaS security assessment
- Continuous ATO and compliance modernization
- Control validation and evidence collection
- Federal cybersecurity and RMF expertise
- POA&M development and remediation tracking
- Security testing and adversarial assessment
- Vendor and stakeholder coordination
- Executive-level reporting and recommendations
- Process development, baselining, and knowledge transfer
- Bachelor of Science (or higher) in one of the following: Computer Science, Information Technology, Cybersecurity, Engineering, or equivalent.
- Years of experience may be considered in lieu of a degree.
At Least One Of The Following Certifications Is Required
- GIAC Certified Incident Handler (GCIH); Security+; Certified Information Security Manager (CISM); Certified in Governance of Enterprise IT (CGEIT); Certified Information Systems Security Professional (CISSP); Certified Information Security Auditor (CISA); Certified Cloud Security Professional (CCSP); AWS Certified Security Specialist; Microsoft Certified: Cybersecurity Architect Expert; Microsoft Azure Security Engineer Associate; or another equal GIAC certification related to cloud, incident response, security engineering, or penetration testing.
- Public Trust, but an active Secret Clearance is preferred.
- Primary location(s) are Arlington and Alexandria VA. Remote work is authorized, but the employee may have to report to one of the primary sites occasionally or as requested by management or the client.
- 6:00 am ET – 6:00 pm ET