Cybersecurity Engineer
CMT Services Inc · District of Columbia, United States
Business Consulting and Services · 51-200 employees
About the role
The Cybersecurity Engineer designs and maintains enterprise security controls based on Zero Trust principles across cloud, network, and endpoint environments. Key duties include managing IAM solutions, continuous monitoring, and ensuring compliance with NIST standards to strengthen the organization's security posture.
What they look for
Requirements
Candidates must have hands-on experience with NIST SP 800-53/800-207, IAM, SIEM, and securing AWS/Azure hybrid environments. A Bachelor's degree in IT, Cybersecurity, or a related field is required, along with U.S. Citizenship or Permanent Residence.
Full description
ABOUT US:
CMT Services Inc. is a dynamic and small business supporting Federal, State, and Local government agencies. As an SBA-certified HUBZone, Woman Owned Small Business (WOSB), we deliver quality, professional services to support the missions and strategic business goals of our clients.
Position Title: Cybersecurity Engineer
Location:
US Congressional Budget Office
Ford House Office Building, 4th floor
2nd St SW, 441 D St SW
Washington, DC 20024
Period of Performance:
08/15/2026 - 08/14/2031
Place of Performance:
Remote work is authorized under this contract; however, at CBO’s discretion, contractor employees may be required to work on-site at CBO facilities without reimbursement for related travel or expenses.
Security Clearance
Public Trust (Tier 2)
Citizenship
U.S. Citizenship or Permanent Residence status
Position Summary: The Cybersecurity Engineer designs, implements, and maintains enterprise security controls that enforce Zero Trust — identity-centric access, least-privilege enforcement, continuous monitoring, and threat detection across cloud, network, and endpoint environments — ensuring security technologies and services are configured, hardened, and continuously monitored to strengthen CBO’s posture and detection/response capabilities.
Key Responsibilities:
- Support implementation, operation, and optimization of enterprise security platforms across cloud, on-premises, and hybrid environments.
- Implement/maintain controls aligned with NIST SP 800-53 (AC, CM, SC, AU, IR, SI families) and NIST SP 800-207 Zero Trust.
- Design/maintain least-privilege access — RBAC, privileged access management (PAM), and MFA across enterprise systems.
- Configure/manage IAM solutions; integrate with enterprise identity providers for secure authentication/authorization.
- Configure/maintain centralized logging, monitoring, and audit; integrate with enterprise SIEM; comply with retention policies.
- Conduct continuous monitoring, vulnerability assessment, and risk analysis aligned with NIST RMF; harden systems/apps/cloud to secure baselines.
- Secure cloud/hybrid environments (AWS, Azure) — security services, identity controls, network protections, workload security.
- Identify/remediate vulnerabilities; coordinate patching/mitigation; support IR (alert monitoring, analysis, containment, forensic collection).
- Maintain segmentation/access strategies to limit lateral movement; follow formal change management with security impact analysis.
- Develop/maintain cybersecurity SOPs, system configurations, baselines, and asset inventories; perform RCA; support 24/7 monitoring (SIEM, EDR/XDR, cloud-native tools).
- Collaborate with network, cloud, and application teams; serve as technical resource for advanced service desk and security issues
Required Qualifications:
- Hands-on experience engineering enterprise security controls across cloud, network, and endpoint per NIST SP 800-53 and NIST SP 800-207 Zero Trust.
- Experience with IAM, RBAC, PAM, and MFA, and integration with enterprise identity providers.
- Experience with SIEM and EDR/XDR — centralized logging, continuous monitoring, threat detection, triage, containment, and forensic collection.
- Experience with vulnerability management, NIST RMF risk analysis, secure-baseline hardening, and patch/mitigation coordination.
- Experience securing AWS and Azure cloud/hybrid environments and supporting audit readiness, SOPs, RCA, and 24/7 operations.
Education:
- Bachelor’s degree in IT, Cybersecurity, or related field
Required Documents
- Letter of Commitment
Join Our Team:
At CMT Services, we believe that extraordinary results come from empowering exceptional people. If you're ready to lead innovative projects, solve complex challenges, and contribute to meaningful infrastructure development while advancing your career in a supportive, collaborative environment, we want to hear from you.
Disclaimer:
By submitting your resume for this job posting, you authorize CMT Services, Inc. to forward your resume to all applicable internal and external managers, agencies, and recruitment personnel for review and consideration to hire.