Information Security Engineer

Responsibilities

**Position is Contingent Upon Award**

Peraton seeks innovative professionals who thrive in mission-critical environments and are passionate about protecting our national critical infrastructure. This is your chance to make an impact on one of the nation's vital organizations, working alongside leaders in cybersecurity engineering, operations, forensics, threat analysis, data science, and systems integration.

Join Peraton in supporting a large critical infrastructure operator to defend its corporate and operations networks from nation-state attacks, ensure the confidentiality, integrity, and availability of its systems and operations infrastructure, and comply with federal and industry cybersecurity regulation. As an information security engineer working alongside a state of the art 24-hour Cybersecurity Operations Center (CSOC), you will be responsible for leading the assessment, validation, and remediation of security controls across the organization. This role ensures that security risks are identified, prioritized, and effectively mitigated in alignment with regulatory requirements, security frameworks, and organizational risk tolerance.

Primary Responsibilities:

The Information Security Engineer will be responsible to:

• Lead security control assessments across systems, applications, and infrastructure
• Evaluate the effectiveness of technical, administrative, and operational security controls
• Identify control gaps, weaknesses, and residual risk
• Develop, track, and manage remediation plans in coordination with system owners
• Prioritize remediation efforts based on risk, impact, and business context
• Validate remediation actions and confirm control effectiveness post-fix
• Maintain risk registers, control assessment documentation, and remediation evidence
• Support internal and external audits, assessments, and regulatory inquiries
• Communicate risk posture, trends, and remediation status to leadership
• Work with stakeholders to continuously improve assessment and remediation processes and methodologies
• Stay current on emerging threats and incorporate lessons learned into recommendations to policies, procedures, and cybersecurity systems and network modifications
• Prepare reports and brief CSOC Manager, infrastructure stakeholders and corporate management on requests

Additional Responsibilities:

• Contribute to the development and periodic review of security policies, standards, and control procedures
• Provide advisory support to system owners and project teams during system design or major changes
• Participate in tabletop exercises, risk workshops, and threat modeling sessions as a controls SME
• Support onboarding and training of staff on control assessment and remediation processes
• Assist with defining control metrics, KPIs, and maturity indicators
• Review and provide input on third-party risk assessments and vendor security reviews
• Support merger, acquisition, organizational role changes or system onboarding activities from a risk and controls perspective
• Track emerging threats, regulatory changes, and framework updates to inform assessment strategy
• Mentor junior risk analysts or assessment team members
• Support executive reporting and briefings on risk trends and remediation progress

Qualifications

Required:

• U.S. Citizenship Required
• Must have the ability to obtain / maintain a DOE L Level or DOE Secret clearance
• Degree in computer science, engineering, cybersecurity, information technology, risk management or related field
• 8 years of experience with BS/BA; 6 years with MS/MA
• Experience in cybersecurity compliance, analyst, governance, or risk management roles
• Understanding of industry cybersecurity standards such as FISMA, NIST 800 series, ISO 27001 and regulatory compliance requirements
• Experience with vulnerability assessment, enterprise risk assessments, and remediation workflows
• Ability to analyze scan results and control findings to determine true risk to the organization
• Experience creating and managing POA&Ms or remediation plans
• Familiarity with patch management and configuration remediation processes
• Ability to lead cross-functional remediation efforts without direct authority
• Experience coordinating with engineering, IT, security, and compliance teams
• Strong project management and prioritization skills
• Strong analytical and problem-solving skills

Desired:

• Hold technical and/or cybersecurity certification such as CISSP, GIAC GSEC, GIAC GCIH, CISA SSCP, CompTIA Security+
• A master's degree in computer science, engineering, cybersecurity, information technology, or related field

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.

Target Salary Range

$104,000 - $166,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.