IT Security Lead

LMI is seeking an experienced Security Lead to support a key client at the General Services Administration (GSA) in delivering a modern, web-based acquisitions system. This initiative modernizes Governmentwide Indefinite Delivery Vehicle (IDV) contracting through modular, API-driven services deployed in federal cloud environments. 

The Security Lead will serve as the senior authority responsible for defining and enforcing the program’s security and compliance approach in alignment with GSA requirements. This individual must possess a comprehensive understanding of the Authorization to Operate (ATO) process for cloud applications and collaborate closely with the client’s Information Technology Security Officers (ITSOs) to ensure the development team adheres to approved security controls and compliance standards. 

The ideal candidate combines deep federal security expertise, hands-on cloud security experience in AWS, and the ability to integrate DevSecOps practices into modern Agile software delivery. 

This position is anticipated to be majority remote, but with the ability to travel and visit the client’s offices in Washington, D.C. as frequently as needed. 

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors—helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value

Security Strategy & Governance 

• Serve as the primary authority for system security architecture and compliance 

• Collaborate directly with GSA security personnel to define and implement security and compliance controls required for cloud-based applications 

• Ensure development teams adhere to approved security architecture and control implementations 

• Establish and maintain security documentation, policies, and procedures aligned with federal standards 

• Ensure compliance with FISMA and agency-specific security policies governing federal information systems. 

ATO & Federal Compliance 

• Lead the system through the full Authorization to Operate (ATO) lifecycle for applications 

• Develop and maintain System Security Plans (SSPs), security control documentation, and supporting artifacts 

• Manage Plans of Action and Milestones (POA&Ms) and track remediation activities 

• Support security control assessments and coordinate responses to findings 

• Align controls with guidance from the National Institute of Standards and Technology (NIST), FedRAMP requirements, and Trusted Internet Connections (TIC)/cloud security guidance 

DevSecOps & CI/CD Integration 

• Embed automated security controls into CI/CD pipelines to enable secure, continuous delivery 

• Ensure static and dynamic code analysis, dependency scanning, container security, and infrastructure-as-code validation are integrated into build and deployment processes 

• Promote secure coding practices and continuous monitoring across development teams 

Cloud Security (AWS) 

• Lead security architecture for applications and infrastructure deployed within AWS cloud environments 

• Configure and manage native AWS security services (e.g., IAM, Security Hub, GuardDuty) 

• Enforce least privilege access controls and secure identity and access management practices 

• Monitor cloud environments for threats, misconfigurations, and vulnerabilities 

Risk Management & Audit Readiness 

• Conduct security risk assessments and oversee vulnerability scanning and penetration testing activities 

• Manage security incident response coordination and reporting 

• Maintain continuous monitoring practices and ensure audit readiness for all system components 

• Support ongoing authorization and continuous ATO practices through automated control monitoring and real-time risk visibility. 

• Track, report, and mitigate identified risks throughout the system lifecycle 

Team & Stakeholder Collaboration 

• Mentor development teams on security requirements and secure coding standards 

• Partner closely with team’s leadership to align security with system architecture and delivery timelines 

• Communicate security risks, compliance status, and remediation strategies clearly to both technical and non-technical stakeholders 

Required Qualifications 

• Demonstrated experience serving as a Security Lead (or equivalent role) on federal IT programs 

• Extensive hands-on experience implementing federal security architectures aligned with NIST guidance, FedRAMP, and TIC/cloud security requirements 

• Proven track record leading systems through the full ATO lifecycle, including SSP development and POA&M management 

• Deep understanding of integrating security controls into CI/CD pipelines consistent with DevSecOps principles 

• Expert-level knowledge securing applications and infrastructure in AWS cloud environments 

• Experience conducting risk assessments, vulnerability management, and maintaining audit readiness 

• Strong written and verbal communication skills 

Desired Qualifications 

• Experience supporting GSA or other federal cloud modernization initiatives 

• Relevant certifications (e.g., CISSP, CCSP, AWS Security Specialty, Security+) 

• Experience supporting systems at moderate or high impact levels under federal security frameworks 

• Familiarity with continuous monitoring tools and automated compliance validation solutions 

The target salary range for this position is $135,000-$225,000.

The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.