SECURITY ENGINEER

• Design, implement, and maintain security controls in accordance with NIST SP 800-53 (Moderate) across all system components
• Deploy, configure, and maintain a Web Application Firewall (WAF) and enforce OWASP Top 10 validation throughout the software development lifecycle
• Implement and manage TLS 1.2/1.3 encryption for data in transit and 256-bit AES (FIPS 140-2/140-3 compliant) encryption for data at rest
• Conduct and coordinate SAST, DAST, and Software Composition Analysis (SCA) as part of the secure development lifecycle
• Maintain a Software Bill of Materials (SBOM) for all applications and manage application allowlisting to prevent unauthorized software execution
• Implement and manage IEEE 802.1x certificate-based network access control
• Develop, maintain, and continuously update the Security Risk Management Plan
• Manage real-time, automated hardware and software asset inventory tracking
• Coordinate and support annual independent security audits (NIST SP 800-53 Moderate or SOC 2 Type II); deliver SOC 2 Type II reports.
• Monitor system security logs and provide on-demand access to designated agency personnel
• Lead incident response activities; deliver breach/incident notifications to the Agency within 24 hours of discovery
• Ensure all Agency Data remains within the United States or its territories at all times — no overseas access, transmission, storage, or backup permitted
• Manage cryptographic key lifecycle in accordance with NIST SP 800-57
• Perform data sanitization and media destruction per NIST SP 800-88 (Rev. 1)
• Classify and protect all Agency Data per applicable Oregon Information Asset Classification policies
• Generate User Access Reports and Data Sanitization Certifications upon agency request
• Provide prior notification to the Agency before responding to any third-party or law enforcement requests for Agency Data
• Ensure all personnel complete periodic privacy and security training per NIST SP 800-53 AT family controls
• Support disaster recovery planning and geographically dispersed hosting operations within Oregon

• Bachelors degree and 5 years of experience or an Associates degree and 7 years of experience or a High School diploma and 9 years of experience.
• Must be a U.S. Citizen or Green Card holder.
• Must be able to pass an FBI NCIC fingerprint-based background check
• 5+ years of experience in information security engineering, cybersecurity, or a related discipline
• Demonstrated experience implementing NIST SP 800-53 (Moderate) security controls in a production environment
• Hands-on experience with SOC 2 Type II audit processes and remediation
• Proficiency with OWASP Top 10 vulnerability identification and remediation
• Experience deploying and managing Web Application Firewalls (WAF)
• Working knowledge of SAST, DAST, and SCA tools and integration into CI/CD pipelines
• Experience with TLS 1.2/1.3, AES-256, and FIPS 140-2/140-3 compliant encryption implementations
• Familiarity with NIST SP 800-57 (cryptographic key management) and NIST SP 800-88 (media sanitization)
• Experience with IEEE 802.1x network access control
• Experience maintaining Software Bills of Materials (SBOM) and application allowlisting technologies
• Knowledge of incident response procedures, including breach notification requirements
• Familiarity with cloud infrastructure security and data residency requirements
• Strong written and verbal communication skills; ability to produce audit-ready documentation and compliance reports

• Experience supporting state or federal government IT systems or election infrastructure
• Knowledge of Oregon Consumer Information Protection Act (OCIPA) (ORS 646A.600–646A.628) and Oregon Statewide Information Security Standards
• Familiarity with Oregon Executive Order 23-26 (AI governance requirements)
• Experience with Peraton Cloud Seed or similar government cloud environments
• Relevant certifications: CISSP, CISM, CEH, CompTIA Security+, AWS/Azure Security Specialty, or equivalent
• Experience with geographically dispersed hosting and disaster recovery in government environments
• Reside in the Oregon/Washington area

Target Salary Range: $80,000 - $128,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual’s experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.

Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at https://www.careers.peraton.com/benefits.

Application Statements: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates. By applying to this job, you are expressing interest in the role and the Company. During the review of your application, you may be required to participate in an on-camera interview, as well as participate in a process to verify your identity.