Logo for Second Front Systems

Cybersecurity Assessment Engineer

Role overview

Qualifications

  • 3-5 years of relevant experience
  • Intermediate knowledge of DevSecOps tools and software development
  • Proficient knowledge of NIST SP 800-37 (RMF) and NIST SP 800-53 rev 5 security controls
  • Deep understanding of the FedRAMP authorization process and Department of Defense (DoD) security standards

Responsibilities

  • Review web application artifacts of customer developed applications and provide customer feedback
  • Assist with incident response plans to respond to application outages or downtime
  • Conduct comprehensive assessments of cloud infrastructure, applications, and containerized environments to verify compliance with DISA STIGs, SRGs, and CIS Benchmarks
  • Monitor and report on the ongoing effectiveness of security controls

About the company

Second Front Systems logo

Second Front Systems

Defense Technology

At Second Front Systems (2F), we build software that accelerates delivery of technology to U.S. warfighters. By harnessing insights and methodologies from the private sector and aligning them with government priorities and processes, we enable defense and national security professionals to effectively engage in long-term, continuous competition for access to emerging technologies. Our primary software offering is Game Warden, the first of its kind DevSecOps platform delivering commercial SaaS to government with built-in accreditation. 2F is a public benefit corporation and veteran-owned defense company headquartered in Wilmington, Delaware, with a bi-coastal and international presence.

Company details

Company typeScaleup
IndustryDefense Technology
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Second Front Systems (2F) is looking for a battle-tested, high-agency Cybersecurity Assessment Engineer to support our team.. We sit at the high-stakes intersection of defense tech and national security, and this role is about building a modern, resilient operations function from the ground up. You’ll be protecting the infrastructure and platforms that power mission-critical software for the free world—ensuring our nation’s defenders have the secure environment they need to move fast.

At 2F, we pair a startup’s bias for action with a relentless sense of purpose. As a Cybersecurity Assessment Engineer at Second Front Systems, you will help ensure that Game Warden maintains a strong security posture. You will work hand-in-hand with the DevOps Engineering and Mission Success teams to oversee the software vulnerability scanning process, review vulnerability scan results, assist the customers in understanding those results, and make approval recommendations for vulnerabilities that can't be immediately resolved. This role will require learning new things like researching identified vulnerabilities, assessing risk, solving big problems, speaking your mind, and contributing to a culture of diversity, innovation, and excellence. This role is key to the security of our cloud platform and of the customer applications running on it.

Note: Candidates must reside in one of our approved hiring hubs:

  • DC/Maryland/Virginia

  • Raleigh/Durham/Chapel Hill, NC

  • Denver/Colorado Springs, CO

  • Dallas/Fort Worth, TX

What You'll Do

  • Review web application artifacts of customer developed applications and provide customer feedback

  • Primary face of the cybersecurity team to software development and mission success teams

  • Assist with incident response plans to respond to application outages or downtime

  • Technical Security Validation: Conduct comprehensive assessments of cloud infrastructure, applications, and containerized environments to verify compliance with DISA STIGs, SRGs, and CIS Benchmarks.

  • Authorization Lifecycle Management: Author, review, and maintain high-quality security artifacts, including System Security Plans (SSP), Security Assessment Plans (SAP), and Security Assessment Reports (SAR).

  • Continuous Monitoring (ConMon): Monitor and report on the ongoing effectiveness of security controls, ensuring the platform maintains a robust and authorized security posture.

  • Vulnerability & Risk Analysis: Utilize automated scanning suites (e.g., Anchore, Trivy, Tenable) to identify vulnerabilities, distinguish true positives, and provide actionable remediation guidance to dev teams.

  • Supply Chain Security: Implement and manage technical workflows for SBOMs (Software Bill of Materials) to support modern, continuous authorization standards.

  • Cross-Functional Collaboration: Partner with DevOps and Software Engineering teams to translate complex NIST 800-53 controls into implementable technical requirements.

What You Bring

  • Experience solving complex and sometimes ill-defined problems

  • Intermediate knowledge of DevSecOps tools and software development

  • Ability to create and implement incident response plans

  • Background in cybersecurity and understanding of vulnerability risk analysis

  • Hands-on experience assessing or securing services within AWS, Azure, or GCP, particularly within PaaS or Kubernetes-based environments.

  • Proficient knowledge of NIST SP 800-37 (RMF) and NIST SP 800-53 rev 5 security controls

  • Deep understanding of the FedRAMP authorization process and Department of Defense (DoD) security standards.

  • 3-5 years of relevant experience

  • Ability to attain DOD 8570 Baseline Certification for IAT II within 6 months of hire date (preferably CYSA+)

Preferred

  • Extensive experience with Department of Defense DevSecOps practices, policies, and security

  • Experience with Docker, Gitlab, Kubernetes, Anchore, or other container scanning tools

  • Ability to write basic scripts (Python, Bash, etc.) to automate evidence collection or data parsing

  • Strong interest in matters of national security

  • Having a Secret clearance is preferred

 

The base salary for this position will fall between $125,000-140,000 Your ultimate compensation will be determined by professional background, technical proficiency, seniority, and regional cost factors. Furthermore, this opportunity includes potential eligibility for equity awards and discretionary bonuses, rounding out a comprehensive total rewards offering.

 

Success at 2F Looks Like:

  • Viewing obstacles as opportunities for growth

  • Having a bias toward action and tangible, measurable results

  • Striving to be both compassionate and direct with your feedback

  • Being team-oriented and inclusive with your action

Perks & Benefits:

This role is a full time position. As a public benefit corporation, we’re a team of purpose-driven trailblazers transforming the future of U.S. national security. We hire the best to do their best and, as such, we are committed to providing the perks and benefits you need to be successful—both in- and outside the workplace.

We offer you:

  • Competitive Salary

  • 100% Healthcare, vision and dental coverage

  • 401(k) + 3% company contribution

  • Wellness perks (Fitness classes, mental health resources)

  • Equity incentive plan

  • Tech + office supplies stipend

  • Annual professional development stipend

  • Flexible paid time off + federal holidays off

  • Parental leave

  • Work from anywhere

  • Referral Bonus

Visit our careers page to learn more.

Who We Are:

Second Front Systems (2F) is a public-benefit software company powering software for the free world. We eliminate the friction that slows innovation, enabling faster, more secure development and deployment of software across government and regulated networks. Built by national security veterans and backed by top-tier venture capital, our platform is trusted by the world’s leading organizations to cut deployment timelines from years to weeks. We move fast, solve hard problems, and deliver trusted capabilities where they’re needed most. Our work strengthens global security and gives the United States and its allies a lasting competitive advantage. Learn more at secondfront.com.

One last thing:

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

 
 

State notices:

Colorado:

In accordance with Colorado law, applicants may redact their date of birth, dates of attendance, and dates of graduation from any uploaded documents.

 

Maryland:

Under Maryland law, an employer may not require or demand, as a condition of employment, prospective employment, or continued employment, that an individual submit to or take a polygraph examination or similar test. An employer who violates this law is guilty of a misdemeanor and subject to a fine not exceeding $100.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Cybersecurity Engineer Related jobs

Other jobs at Second Front Systems

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.