Principal Security Engineer
Remote - Virginia, United States
Full Time Senior-level / Expert Clearance required USD 53K - 125K * est.
Red River
Red River is a leading provider of managed cybersecurity services, managed cloud solutions, IT infrastructure solutions and more.
Overview: In a defense industry setting, the Principal Security Engineer is a senior-level expert responsible for safeguarding sensitive systems and data against cyber threats. They design, implement, and maintain advanced security architectures while ensuring compliance with strict government security standards. This role requires deep technical cybersecurity expertise, strategic thinking, and leadership skills to guide teams and influence the program security posture. This senior position in the program requires U.S. citizenship and an active security clearance due to its sensitive nature.
Key Responsibilities
• Security Architecture & Strategy: Design and implement comprehensive cybersecurity strategies and architectures for defense systems, ensuring robust protection of networks and data. Identify and document system security requirements and develop solutions to meet or exceed those requirements.
• Risk Assessment & Mitigation: Conduct regular security risk assessments and threat analyses to identify vulnerabilities in systems. Develop and deploy mitigation strategies and countermeasures to address identified risks and continuously evaluate emerging threats to keep defenses up to date.
• Security Operations & Monitoring: Oversee the configuration, maintenance, and continuous monitoring of security infrastructure (e.g. firewalls, intrusion detection systems, SIEM tools) to detect and respond to security incidents in real time. Lead incident response planning and coordinate effective response to any security breaches or violations.
• Compliance & Documentation: Ensure all systems and projects comply with defense industry security standards and regulations (such as NIST SP 800-53, NIST 800-160, Risk Management Framework, and DoD STIGs). Maintain required security documentation and accreditation materials (e.g. System Security Plans, risk assessment reports) to support authority to operate and other compliance requirements.
• Cross-Functional Collaboration: Work closely with cross-functional teams (systems engineering, software development, IT, and project management) to integrate security requirements into all phases of system development and operations. Provide expert guidance on security best practices during design, implementation, and deployment of defense systems.
• Leadership & Mentorship: Lead security initiatives and projects, ensuring they are delivered on schedule and within scope. Mentor and guide junior security engineers and team members, fostering a culture of security awareness and continuous improvement. Communicate security issues and strategies to senior leadership and stakeholders in clear, actionable terms.
Qualifications and Required Experience
• Education: Bachelor’s degree in Computer Science, Cybersecurity, Systems Engineering, or a related field. Strong foundational knowledge of information security principles and practices is assumed.
• Experience: Extensive experience in security engineering or a related field – typically 8-10+ years in progressively senior roles. Proven track record of securing complex systems, preferably in defense or highly regulated environments.
• Technical Expertise: In-depth knowledge of cybersecurity domains including network and system security, secure software development, encryption protocols, and vulnerability management. Hands-on experience designing and evaluating security architectures for complex systems and implementing enterprise security.
• Standards & Frameworks: Familiarity with U.S. defense and federal security standards and frameworks, such as NIST Special Publications (800-53, 800-160) and the Risk Management Framework (RMF) process. Experience developing or assessing Security Authorization artifacts in accordance with government requirements (e.g. NIST SP 800-37 RMF accreditation packages) is highly valued.
• Certifications: Relevant security certifications are preferred, for example CISSP or CISM for general cybersecurity management. DoD 8140 IAM/IAT or IASAE Level II/III certifications (e.g. CISSP-ISSEP, ISSAP) are a strong plus, as they demonstrate knowledge required for securing defense systems.
• Security Clearance: U.S. citizenship is required. Active Secret security clearance (or eligibility to obtain one) is required due to the sensitive nature of defense projects.
• Soft Skills: Excellent leadership and project management skills, with the ability to lead cross-functional security projects from concept to completion. Strong communication skills are essential – able to explain complex security concepts to non-technical stakeholders and to train staff on security best practices. A proactive mindset, attention to detail, and the highest ethical standards are expected for this role.
Basic Qualifications:
- U.S. Citizenship Required
Red River offers a competitive salary, excellent benefits and an exceptional work environment. You can review our benefit offerings here. If you are ready to join a growing company, please submit your resume and cover letter (optional).
EOE M/F/DISABLED/Vet
Red River is an equal opportunity employer. All qualified applicants will receive consideration for employment. Discrimination or harassment based upon any protected characteristics as defined by state or federal law is wholly inconsistent with our company values and will not be tolerated.
In order to ensure reasonable accommodation for individuals protected by Section 503 of the Rehabilitation Act of 1973, the Vietnam Veterans Readjustment Act of 1974, and Title I of the Americans with Disabilities Act of 1990, applicants that require accommodation in the job application process may contact accommodation@redriver.com. PLEASE NOTE: This contact channel is reserved for use by individuals with disabilities who require special accommodations in order to submit an expression of interest in a position within Red River.
Red River does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings or otherwise. Placement fees will not be paid to any recruiter unless Red River has an active agreement in place with the recruiter and such a request has been made by the Red River Talent Acquisition team and such candidate was submitted to the Red River Talent Acquisition Team via our Applicant Tracking System. Any unsolicited resumes or other data submitted to Red River in violation of this policy may be used by Red River without obligation to pay any fees of any kind to the recruiter.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: CISM CISSP Clearance Compliance Computer Science DoD DoDD 8140 Encryption Firewalls IAM Incident response Intrusion detection Monitoring NIST NIST 800-53 Risk assessment Risk Assessment Report Risk management RMF Security Clearance SIEM STIGs Strategy System Security Plan Vulnerabilities Vulnerability management
Perks/benefits: Competitive pay