Apply on Employer Site

RAPP · 23 hours ago

Security Engineer

Chicago, IL

Full-time

Hybrid

Mid Level

$81K/yr - $98K/yr

RAPP Chicago is a global precision marketing agency seeking a Security Engineer to join their Technology team. This role supports enterprise-wide security and compliance initiatives within a government cloud environment, ensuring ongoing compliance and security through continuous monitoring, vulnerability management, and collaboration with various stakeholders.

AdvertisingMarket ResearchMarketing

No H1B

U.S. Citizen Only

Responsibilities

Conduct and analyze vulnerability assessments using automated tools (e.g. Evaluate-STIG), interpret scan results, and coordinate remediation

Update RMF required documentation (SSP, SAR, POA&Ms), ensuring it accurately reflects current system status, vulnerabilities, and remediation actions to support ATO renewals and audits

Participate in technical change management and secure development processes, reviewing new features for security compliance

Support threat modeling activities for system changes, documenting risks and mitigation approaches working with the Security Architect

Use compliance/risk management tools (e.g. eMass) to maintain security and risk assessment evidence, track findings, and support remediation activities

Collaborate with and support the Security Architect, technical owners, ISSOs, engineers, and program management stakeholders to gather evidence, resolve findings, and verify secure implementation of security related changes

Prepare and deliver clear, concise security reports and briefings to security and technical stakeholders

Remain current on evolving DoD cybersecurity requirements, NIST guidance, AWS GovCloud security practices, and emerging threats

Qualification

RMF processesVulnerability assessment toolsAWS servicesNIST 800-53Cloud security certificationsTechnical writingAnalytical skillsProblem-solving skillsOrganizational skillsCommunication skillsCollaboration skillsTime management

Required

Experience supporting RMF processes and maintaining compliance documentation (NIST 800-53, ATO lifecycle)

Hands-on experience with vulnerability assessment tools (e.g. Evaluate-STIG), and AWS services

Strong analytical, problem-solving, organizational, and technical writing skills

Familiarity with vulnerability management, continuous monitoring, and secure change management in cloud environments

Demonstrated ability to communicate and collaborate effectively with both technical and program management teams

Experience working in or with consulting organizations and/or public sector clients is highly valued

One of the following certifications is required to qualify for this role, in accordance with DoD 8140/8570 requirements for cybersecurity positions (IAT Level II/III, IAM Level I/II, or CSSP Analyst/Auditor, as appropriate to assignment): CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), CAP (Certified Authorization Professional), CISA (Certified Information Systems Auditor), GSLC (GIAC Security Leadership Certification), CISSP (Associate or full, preferred for some assignments), Other DoD 8140/8570-approved certifications appropriate to the position and level

Candidates must maintain active certification status throughout employment. Additional or higher-level certifications may be required for advancement or based on project needs but are not necessary to apply for this role