Senior Security Engineer
Oddball believes that the best products are built when companies understand and value the things they are working on. We value learning and growth and the ability to make a big impact at a small company. We believe that we can make big changes happen and improve the daily lives of millions of people by bringing quality software to the federal space.
We are hiring a Senior Security Engineer to work on a pivotal Federal program that is making a positive impact on millions of Americans' daily lives.
What you'll be doing:
As a Senior Security Engineer you will lead security engineering efforts to safeguard systems and data critical to veterans’ healthcare and benefits. You will work closely with application development teams to embed security into software lifecycles, ensure compliance with federal standards, and support all phases of the Authorization to Operate (ATO) process. Your responsibilities will span security architecture, risk management, monitoring, and continuous compliance in cloud, hybrid, and on-premise environments.
Key Responsibilities:
Design and implement security controls and solutions across VA enterprise systems and applications
Partner with application development teams to integrate security requirements into design, development, and deployment cycles
Support and lead efforts related to obtaining and maintaining Authority to Operate (ATO), including development of System Security Plans (SSPs), Pan of Action and Milestones (POA&Ms), and control documentation
Conduct risk assessments, vulnerability scans, and threat modeling per NIST SP 800-53 and VA Handbook 6500
Actively participate in Agile/DevSecOps pipelines to ensure security is applied throughout the CI/CD lifecycle
Respond to security incidents, investigate anomalies, and coordinate with Cybersecurity Operations Center (CSOC) and stakeholders for resolution
Implement and maintain monitoring and detection tools (e.g., Splunk, ACAS, Nessus) to support continuous diagnostics and mitigation (CDM)
Ensure systems comply with FISMA, HIPAA, FedRAMP, and VA-specific security requirements
Review and assess third-party solutions for compliance and integration into VA’s secure architecture
Provide mentorship and technical guidance to junior engineers and ensure knowledge sharing across teams
What you’ll bring:
Proven experience collaborating with application teams on secure software development practices
Strong familiarity with the full ATO lifecycle and RMF process, including documentation and continuous monitoring
Deep understanding of NIST SP 800-53, FISMA, FedRAMP, and HIPAA regulatory frameworks
Proficiency in securing cloud platforms such as AWS GovCloud and Azure Government
Experience with vulnerability management and scanning tools (Nessus, ACAS)
Familiarity with Security Information and Event Management (SIEM) platforms and log analysis (e.g., Splunk, ELK Stack)
Solid scripting/automation skills (e.g., Python, PowerShell, Bash, GHA) for implementing security controls
Excellent communication skills for cross-functional collaboration and stakeholder reporting
Performs other related duties as assigned.
Preferred Certifications:
CISSP, CAP, CEH, CISM, or other DoD 8570 baseline certifications
Experience with VA Electronic Health Record system (EHR) modernization or other large-scale federal application environments
Requirements:
Must be a US Citizen and able to work domestically
Must be able to attain low-level security clearance
Education:
Bachelor's Degree
Benefits:
Fully remote
Annual stipend
Comprehensive Benefits Package
Company Match 401(k) plan
Flexible PTO, Paid Holidays
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities:
Oddball is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact an Oddball HR representative to request such an accommodation by emailing hr@oddball.io
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
Compensation:
At Oddball, it’s important each employee is compensated competitively and fairly. In alignment with state legal requirements. A range for the included position is listed below. Be advised, actual offer details are determined by job category, job location, and candidate skill level.
United States Wage Range: $110,000 – $155,000
About the job
Apply for this position
Senior Security Engineer
Oddball believes that the best products are built when companies understand and value the things they are working on. We value learning and growth and the ability to make a big impact at a small company. We believe that we can make big changes happen and improve the daily lives of millions of people by bringing quality software to the federal space.
We are hiring a Senior Security Engineer to work on a pivotal Federal program that is making a positive impact on millions of Americans' daily lives.
What you'll be doing:
As a Senior Security Engineer you will lead security engineering efforts to safeguard systems and data critical to veterans’ healthcare and benefits. You will work closely with application development teams to embed security into software lifecycles, ensure compliance with federal standards, and support all phases of the Authorization to Operate (ATO) process. Your responsibilities will span security architecture, risk management, monitoring, and continuous compliance in cloud, hybrid, and on-premise environments.
Key Responsibilities:
Design and implement security controls and solutions across VA enterprise systems and applications
Partner with application development teams to integrate security requirements into design, development, and deployment cycles
Support and lead efforts related to obtaining and maintaining Authority to Operate (ATO), including development of System Security Plans (SSPs), Pan of Action and Milestones (POA&Ms), and control documentation
Conduct risk assessments, vulnerability scans, and threat modeling per NIST SP 800-53 and VA Handbook 6500
Actively participate in Agile/DevSecOps pipelines to ensure security is applied throughout the CI/CD lifecycle
Respond to security incidents, investigate anomalies, and coordinate with Cybersecurity Operations Center (CSOC) and stakeholders for resolution
Implement and maintain monitoring and detection tools (e.g., Splunk, ACAS, Nessus) to support continuous diagnostics and mitigation (CDM)
Ensure systems comply with FISMA, HIPAA, FedRAMP, and VA-specific security requirements
Review and assess third-party solutions for compliance and integration into VA’s secure architecture
Provide mentorship and technical guidance to junior engineers and ensure knowledge sharing across teams
What you’ll bring:
Proven experience collaborating with application teams on secure software development practices
Strong familiarity with the full ATO lifecycle and RMF process, including documentation and continuous monitoring
Deep understanding of NIST SP 800-53, FISMA, FedRAMP, and HIPAA regulatory frameworks
Proficiency in securing cloud platforms such as AWS GovCloud and Azure Government
Experience with vulnerability management and scanning tools (Nessus, ACAS)
Familiarity with Security Information and Event Management (SIEM) platforms and log analysis (e.g., Splunk, ELK Stack)
Solid scripting/automation skills (e.g., Python, PowerShell, Bash, GHA) for implementing security controls
Excellent communication skills for cross-functional collaboration and stakeholder reporting
Performs other related duties as assigned.
Preferred Certifications:
CISSP, CAP, CEH, CISM, or other DoD 8570 baseline certifications
Experience with VA Electronic Health Record system (EHR) modernization or other large-scale federal application environments
Requirements:
Must be a US Citizen and able to work domestically
Must be able to attain low-level security clearance
Education:
Bachelor's Degree
Benefits:
Fully remote
Annual stipend
Comprehensive Benefits Package
Company Match 401(k) plan
Flexible PTO, Paid Holidays
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities:
Oddball is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact an Oddball HR representative to request such an accommodation by emailing hr@oddball.io
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
Compensation:
At Oddball, it’s important each employee is compensated competitively and fairly. In alignment with state legal requirements. A range for the included position is listed below. Be advised, actual offer details are determined by job category, job location, and candidate skill level.
United States Wage Range: $110,000 – $155,000