Senior Security Engineer
Oddball believes that the best products are built when companies understand and value the things they are working on. We value learning and growth and the ability to make a big impact at a small company. We believe that we can make big changes happen and improve the daily lives of millions of people by bringing quality software to the federal space.
We are hiring a Senior Security Engineer to work on a pivotal Federal program that is making a positive impact on millions of Americans' daily lives.
What you'll be doing:
As a Senior Security Engineer you will lead security engineering efforts to safeguard systems and data critical to veterans’ healthcare and benefits. You will work closely with application development teams to embed security into software lifecycles, ensure compliance with federal standards, and support all phases of the Authorization to Operate (ATO) process. Your responsibilities will span security architecture, risk management, monitoring, and continuous compliance in cloud, hybrid, and on-premise environments.
Key Responsibilities:
- Design and implement security controls and solutions across VA enterprise systems and applications
- Partner with application development teams to integrate security requirements into design, development, and deployment cycles
- Support and lead efforts related to obtaining and maintaining Authority to Operate (ATO), including development of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and control documentation
- Conduct risk assessments, vulnerability scans, and threat modeling per NIST SP 800-53 and VA Handbook 6500
- Actively participate in Agile/DevSecOps pipelines to ensure security is applied throughout the CI/CD lifecycle
- Respond to security incidents, investigate anomalies, and coordinate with Cybersecurity Operations Center (CSOC) and stakeholders for resolution
- Implement and maintain monitoring and detection tools (e.g., Splunk, ACAS, Nessus) to support continuous diagnostics and mitigation (CDM)
- Ensure systems comply with FISMA, HIPAA, FedRAMP, and VA-specific security requirements
- Review and assess third-party solutions for compliance and integration into VA’s secure architecture
- Provide mentorship and technical guidance to junior engineers and ensure knowledge sharing across teams
What you’ll bring:
- Proven experience collaborating with application teams on secure software development practices
- Strong familiarity with the full ATO lifecycle and RMF process, including documentation and continuous monitoring
- Deep understanding of NIST SP 800-53, FISMA, FedRAMP, and HIPAA regulatory frameworks
- Proficiency in securing cloud platforms such as AWS GovCloud and Azure Government
- Experience with vulnerability management and scanning tools (Nessus, ACAS)
- Familiarity with Security Information and Event Management (SIEM) platforms and log analysis (e.g., Splunk, ELK Stack)
- Solid scripting/automation skills (e.g., Python, PowerShell, Bash, GHA) for implementing security controls
- Excellent communication skills for cross-functional collaboration and stakeholder reporting
- Performs other related duties as assigned.
Preferred Certifications:
- CISSP, CAP, CEH, CISM, or other DoD 8570 baseline certifications
- Experience with VA Electronic Health Record system (EHR) modernization or other large-scale federal application environments
Requirements:
- Must be a US Citizen and able to work domestically
- Must be able to attain low-level security clearance
Education:
- Bachelor's Degree
Benefits:
- Fully remote
- Annual stipend
- Comprehensive Benefits Package
- Company Match 401(k) plan
- Flexible PTO, Paid Holidays
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities:
Oddball is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact an Oddball HR representative to request such an accommodation by emailing hr@oddball.io.
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
Compensation:
At Oddball, it’s important each employee is compensated competitively and fairly. In alignment with state legal requirements, a range for the included position is listed below. Be advised, actual offer details are determined by job category, job location, and candidate skill level.
United States Wage Range: $110,000 – $155,000