Decision Point
Security Architect/Engineer
ID
2025-3080
Job Locations
US
Category
Information Technology
Type
Regular Full-Time
Overview
DecisionPoint seeks a
Security Architect/Engineer
to design, implement, and sustain secure enterprise architectures for a modernized Department of Defense (DoD) information system. The Security Architect will ensure systems meet stringent security, compliance, and operational standards through
defense-in-depth engineering ,
Zero Trust implementation , and
RMF control integration
across IL environments. This position plays a key role in establishing secure architectures that protect sensitive mission data while enabling operational agility, interoperability, and compliance with DoD cybersecurity mandates. This position is fully remote. Note:
By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid. Duties & Responsibilities
The
Security Architect/Engineer
will: Lead the
design and implementation of secure system architectures
across multiple IL environments (IL2-IL5) in compliance with DoD and NIST standards.
Define and validate
security requirements
throughout the system lifecycle, including hardware, software, and cloud components. Conduct
risk assessments, security architecture reviews, and threat modeling
to identify and mitigate vulnerabilities. Develop and maintain
architecture diagrams, data flow mappings, and control baselines
for ATO documentation and continuous monitoring. Implement
Zero Trust principles
including segmentation, strong identity management, encryption, and telemetry integration. Support and maintain
RMF accreditation artifacts
(SSP, SAR, POA&M, etc.) and ensure traceability to implemented controls. Integrate
security automation and continuous compliance
within DevSecOps pipelines using tools such as Tenable ACAS, AWS Inspector, and Twistlock. Collaborate with network, platform, and application teams to align technical implementations with cybersecurity policy and architecture standards. Define and enforce
data protection and key management solutions
(KMS, TDE, PKI) within AWS GovCloud and hybrid environments. Support vulnerability management, remediation tracking, and penetration testing coordination. Maintain awareness of evolving
DoD cyber policies, cloud standards, and emerging security technologies
to proactively improve posture. Lead technical deep dives and architecture reviews for proposed changes to ensure secure system evolution. Contribute to
incident response readiness , ensuring forensic tools, audit logs, and alerting mechanisms are in place. Provide
guidance and mentorship
to engineers and administrators on secure configuration management, encryption, and boundary protection. Qualifications
Clearance Requirement: Must hold an active
Top Secret clearance
(SCI eligibility preferred). Education: Bachelor's degree in Cybersecurity, Computer Science, or a related technical field. Experience: Minimum
7 years of experience
in cybersecurity engineering, architecture, or secure system design for federal or defense environments. Experience developing and enforcing
security architectures and control frameworks
in AWS GovCloud IL4/IL5. Proven experience integrating security into
Agile or DevSecOps pipelines
and performing RMF-compliant design reviews. Technical Knowledge: Deep understanding of
DoDI 8510.01 (RMF) ,
NIST SP 800-53/171 , and
DISA STIG/SRG
compliance frameworks. Expertise in
cloud security architecture
and Zero Trust implementation. Experience with
encryption standards , data loss prevention (DLP), and secure identity management (SAML, OAuth, MFA). Proficiency with
AWS GovCloud , container security, and Infrastructure as Code (IaC) security. Familiarity with
network security principles , firewall design, VPNs, and segmentation. Knowledge of
continuous monitoring tools
such as Splunk, ELK Stack, CloudWatch, and GuardDuty. Experience supporting
ATO/renewal efforts , POA&M closure, and security audit responses. Certifications (Preferred): CISSP, CISM, or CompTIA Advanced Security Practitioner (CASP+). AWS Certified Security - Specialty. CompTIA Security+ CE (DoD 8570 baseline). Certified Cloud Security Professional (CCSP). Skills: Strong analytical, architectural, and documentation skills. Ability to evaluate technical designs for compliance and security effectiveness. Excellent communication skills for presenting complex topics to technical and non-technical audiences. Strong collaboration across development, cybersecurity, and program management teams. Commitment to proactive risk management and secure modernization.
Our Equal Employment Opportunity Policy
EEO and Affirmative Action Policy:
DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws. Pay Transparency Policy:
In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. Authorization to Share Resume and Personal Information:
By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.
ID
2025-3080
Job Locations
US
Category
Information Technology
Type
Regular Full-Time
Overview
DecisionPoint seeks a
Security Architect/Engineer
to design, implement, and sustain secure enterprise architectures for a modernized Department of Defense (DoD) information system. The Security Architect will ensure systems meet stringent security, compliance, and operational standards through
defense-in-depth engineering ,
Zero Trust implementation , and
RMF control integration
across IL environments. This position plays a key role in establishing secure architectures that protect sensitive mission data while enabling operational agility, interoperability, and compliance with DoD cybersecurity mandates. This position is fully remote. Note:
By applying to this position, you acknowledge and consent to having your resume included in an active competitive government contract bid. Duties & Responsibilities
The
Security Architect/Engineer
will: Lead the
design and implementation of secure system architectures
across multiple IL environments (IL2-IL5) in compliance with DoD and NIST standards.
Define and validate
security requirements
throughout the system lifecycle, including hardware, software, and cloud components. Conduct
risk assessments, security architecture reviews, and threat modeling
to identify and mitigate vulnerabilities. Develop and maintain
architecture diagrams, data flow mappings, and control baselines
for ATO documentation and continuous monitoring. Implement
Zero Trust principles
including segmentation, strong identity management, encryption, and telemetry integration. Support and maintain
RMF accreditation artifacts
(SSP, SAR, POA&M, etc.) and ensure traceability to implemented controls. Integrate
security automation and continuous compliance
within DevSecOps pipelines using tools such as Tenable ACAS, AWS Inspector, and Twistlock. Collaborate with network, platform, and application teams to align technical implementations with cybersecurity policy and architecture standards. Define and enforce
data protection and key management solutions
(KMS, TDE, PKI) within AWS GovCloud and hybrid environments. Support vulnerability management, remediation tracking, and penetration testing coordination. Maintain awareness of evolving
DoD cyber policies, cloud standards, and emerging security technologies
to proactively improve posture. Lead technical deep dives and architecture reviews for proposed changes to ensure secure system evolution. Contribute to
incident response readiness , ensuring forensic tools, audit logs, and alerting mechanisms are in place. Provide
guidance and mentorship
to engineers and administrators on secure configuration management, encryption, and boundary protection. Qualifications
Clearance Requirement: Must hold an active
Top Secret clearance
(SCI eligibility preferred). Education: Bachelor's degree in Cybersecurity, Computer Science, or a related technical field. Experience: Minimum
7 years of experience
in cybersecurity engineering, architecture, or secure system design for federal or defense environments. Experience developing and enforcing
security architectures and control frameworks
in AWS GovCloud IL4/IL5. Proven experience integrating security into
Agile or DevSecOps pipelines
and performing RMF-compliant design reviews. Technical Knowledge: Deep understanding of
DoDI 8510.01 (RMF) ,
NIST SP 800-53/171 , and
DISA STIG/SRG
compliance frameworks. Expertise in
cloud security architecture
and Zero Trust implementation. Experience with
encryption standards , data loss prevention (DLP), and secure identity management (SAML, OAuth, MFA). Proficiency with
AWS GovCloud , container security, and Infrastructure as Code (IaC) security. Familiarity with
network security principles , firewall design, VPNs, and segmentation. Knowledge of
continuous monitoring tools
such as Splunk, ELK Stack, CloudWatch, and GuardDuty. Experience supporting
ATO/renewal efforts , POA&M closure, and security audit responses. Certifications (Preferred): CISSP, CISM, or CompTIA Advanced Security Practitioner (CASP+). AWS Certified Security - Specialty. CompTIA Security+ CE (DoD 8570 baseline). Certified Cloud Security Professional (CCSP). Skills: Strong analytical, architectural, and documentation skills. Ability to evaluate technical designs for compliance and security effectiveness. Excellent communication skills for presenting complex topics to technical and non-technical audiences. Strong collaboration across development, cybersecurity, and program management teams. Commitment to proactive risk management and secure modernization.
Our Equal Employment Opportunity Policy
EEO and Affirmative Action Policy:
DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws. Pay Transparency Policy:
In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. Authorization to Share Resume and Personal Information:
By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation. or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.