Location: Hybrid, with travel to Ashburn, VA and the greater VA/MD/DC area, in addition to once-a-month travel to Patuxent River, MD.
Clearance: Eligibility for SECRET Security Clearance Required
About Us:
Purple Jay is a veteran-owned IT and InfoSec company dedicated to empowering government and private organizations. We believe effective cybersecurity goes beyond protecting data—it must align with your mission to enable progress. Our cross-functional, agile teams leverage proprietary digital solutions to reduce organizational risk and maximize ROI. We are looking for intellectually curious problem-solvers who value continuous learning and can connect with people of diverse backgrounds through empathy and clear communication to join our positively charged culture.
Role Overview:
We are seeking a driven Information Security Engineer to support enterprise mission objectives by leading Risk Management Framework (RMF) and Authorization to Operate (ATO) outcomes. You will blend strategic project management with hands-on technical assessments—validating security controls, executing STIGs, and analyzing scans to ensure compliance reflects real-world system behavior.
Key Responsibilities
- Security Architecture & Policy Design: Design, develop, and maintain security measures, organizational policies, and procedures that ensure regulatory compliance and optimize security outcomes.
- RMF & ATO Lifecycle: Drive system authorization and continuous monitoring within eMASS. Develop, manage, and maintain critical RMF artifacts (SSPs, SARs, SAPs, POA&Ms) to ensure they are accurate, audit-ready, and compliant with DoD regulations.
- Technical Assessment & Validation: Perform hands-on validation of security controls. Execute STIG assessments, analyze automated scan results (e.g., Nessus, static code analysis), and conduct targeted security testing across OS (Linux/Windows), network, and application levels.
- Incident Response & Monitoring: Monitor and analyze information security data sources to actively investigate and respond to security incidents, events, and changing KPI thresholds.
- Risk Management & Collaboration: Identify system vulnerabilities and act as the bridge between technical execution and business strategy. Translate complex security findings into clear, risk-based decisions and mitigation strategies for management, technical teams, and clients.
Required Skills & Qualifications
- Core Frameworks: Strong command of Governance, Risk, and Compliance (GRC) principles, the RMF process, NIST SP 800-53, and DoD authorization requirements.
- Technical Acumen: Deep understanding of system and network security (TCP/IP, Linux, Windows), along with hands-on knowledge of security tools including firewalls, intrusion detection/prevention systems (IDS/IPS), vulnerability scanners, and encryption technologies.
- Threat & Cloud Landscape: Familiarity with modern threat vectors, adversarial techniques, and cloud security concepts (virtualization, SDN).
- Communication: Exceptional technical writing skills for creating concise, accurate security documentation, paired with the ability to facilitate and negotiate with diverse teams.
- Project Management: Demonstrated ability to manage time, organize complex work plans, and operate independently in a high-level collaborative environment.
Why Purple Jay?
We are all about the benefits! We offer an empowering culture that values your voice, alongside:
- Medical, Dental & Vision benefits, plus company-paid Life & Disability Insurance.
- Optional 401k, additional Disability, Life, and Voluntary AD&D plans.
- Paid Federal holidays and up to two weeks of accrued PTO.
- Career growth opportunities with sponsored training and boot camps.
- All required technical equipment provided by Purple Jay.
Purple Jay, LLC is an Equal Opportunity Employer. All applicants are considered without regard to race, color, ancestry, national origin, gender/gender identity, sexual orientation, marital and family status, religion and religious belief, age, disability, results of genetic information, and service in the military.