Cybersecurity / Information Security Engineer

Position Overview:
Evans & Chambers Technology (EC) is seeking an experienced Information Systems Security Engineer (ISSE) to support a technical development program centered on cloud-based applications and associated infrastructure operating in a highly secure, classified network environment. The ISSE will integrate directly into a multidisciplinary team that includes software developers, systems engineers, DevOps engineers, database administrators, and systems architects.

Clearance: Active TS/SCI with Polygraph
Location: Chantilly, VA Onsite
Core team hours: 9 AM – 3 PM daily; schedule flexibility outside those hours may be negotiated with management.

Evans & Chambers partners with the US national defense community to create fully integrated, resilient, and innovative digital solutions that enable them to make smart decisions in real-time. We work with our customers on everything from conquering their data to improving and safeguarding IT infrastructure. Our ultimate goal? To enhance our nation's ability to identify, address, and act – no matter what challenges arise.

What a Typical Day Looks Like
• Participate in daily Agile standup (scrum) meetings and provide status updates on assigned Jira issues
• Attend ad-hoc Technical Exchange Meetings (TEMs) to assess security impacts of proposed architectural and system changes
• Lead or assist with security scans; analyze and report on findings and their system impact
• Review externally reported security findings (CVEs) and conduct impact analysis with recommended remediation paths
• Evaluate upcoming system changes and new features for security implications during team design reviews

Primary Responsibilities
• Identify, select, implement, and assess NIST SP 800-53 security and privacy controls
• Develop and integrate secure configuration baselines per DISA STIGs and CIS benchmark guidelines
• Contribute to the design of secure architectures and system designs
• Ensure security requirements are embedded throughout the System/Software Development Life Cycle (SDLC)
• Execute Continuous Monitoring (ConMon) activities in support of Assessment and Authorization (A&A) requirements
• Create, review, and maintain A&A artifacts and supporting documentation
• Perform security analysis and monitoring across a 100% AWS cloud-based environment
• Conduct vulnerability scanning, analyze results, and develop remediation strategies and security implementations
• Interface with Information System Security Managers (ISSMs) to support system accreditation efforts
• Lead or participate in TEMs; document outcomes and brief management as needed

Required Qualifications
• 6–10 years of relevant ISSE or cybersecurity experience
• Active TS/SCI with Polygraph
• BS in a technical discipline or equivalent demonstrable experience
• Hands-on Linux experience, including proficiency with the command line
• Scripting and programming experience in Bash, Python, or similar languages
• Solid understanding of networking fundamentals — ports, routing, subnets, VPNs, firewalls, and troubleshooting
• Experience working within Agile development teams and workflows
• Strong working knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-160, DISA/CIS STIGs, and CVE management
• Experience with RMF workflow tools and processes
• Strong written and verbal communication skills; able to clearly articulate findings and recommendations, and receptive to alternative approaches raised by team members

Desired Qualifications
• Relevant certifications such as CISSP, AWS Cloud Practitioner, AWS Security Specialty, or AI security credentials
• Experience with Infrastructure as Code (IaC) tools such as Ansible, Terraform, or similar automation platforms
• Prior experience working in a cloud-based environment, preferably AWS



All employment opportunities are made without regard to age, race, creed, color, religion, sex national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status or any other basis protected by law.