Job Requirements
The Information Assurance Security Engineer will apply a full range of Information Assurance (IA) policies, principles, and techniques to ensure the security integrity of information systems processing sensitive or classified information. This role involves maintaining the operational security posture of information systems or programs, performing threat modeling exercises, and creating and maintaining comprehensive information system security documentation.
The Impact You Will Create:
This project supports the modernization of a large-scale federal disclosure and data management platform. The work involves designing, developing, and maintaining a secure, cloud-based system that improves how information is submitted, processed, and accessed by the public. The team will leverage Agile, DevSecOps, and user-centered design practices to deliver scalable, high-impact digital services that enhance transparency, compliance, and accessibility. Efforts include building modern APIs and web interfaces, implementing Zero Trust security, automating testing and deployments, and driving continuous improvement through cloud-native and AI-enabled solutions.
Your Responsibilities in This Role:
- Work closely with system administrators, network engineers, developers, and other stakeholders to ensure integrated security solutions that support organizational and mission objectives.
- Implement and oversee information assurance (IA) policies and principles to protect information systems and data.
- Ensure compliance with FISMA, FedRAMP, NIST 800-53/63, and other applicable federal and organizational security standards.
- Maintain the operational security posture for assigned systems, continuously monitor vulnerabilities, and respond to security incidents.
- Implement and maintain Zero Trust architectures and attribute-based access controls (ABAC) in accordance with federal guidance.
- Conduct threat modeling, risk assessments, and security audits to identify, document, and mitigate potential vulnerabilities.
- Integrate automated security testing and vulnerability scanning tools into CI/CD pipelines to support continuous monitoring and early detection.
- Collaborate with DevSecOps teams to implement secure-by-design and secure-by-default principles throughout the development and deployment lifecycle.
- Support and maintain continuous security posture monitoring, alerting, and remediation across cloud-based systems.
- Prepare, review, and maintain all required security documentation for the Authorization to Operate (ATO) process, including System Security Plans (SSP), POA&Ms, and risk assessments.
- Support the creation and maintenance of privacy compliance documentation, including Privacy Impact Assessments (PIAs) and System of Records Notices (SORNs).
- Manage audit logging, SIEM integration, and forensic investigations to support incident response and compliance verification.
- Provide security awareness training and technical guidance to team members to ensure adherence to security policies and best practices.
- Stay current on emerging cybersecurity threats, technologies, and federal security guidance, and apply this knowledge to enhance system resilience and compliance.
Work Experience
Skills and Qualifications We Require at Fearless:
At Fearless, we seek candidates who blend technical know-how with sharp problem-solving and advisory skills to drive real impact in the communities we serve. Here are the key qualifications for this role.
- 7+ years of experience in information assurance, cybersecurity, or related roles.
- Ability to obtain and maintain a Public Trust clearance.
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
- Experience with AWS cloud security, including IAM, KMS, WAF, CloudWatch, and containerized environments (ECS/EKS).
- Experience securing cloud-native architectures, including API gateways, serverless environments, and configuration-driven systems.
- Familiarity with Infrastructure-as-Code (IaC) security and best practices for AWS CloudFormation/CDK.
- Strong working knowledge of FISMA, FedRAMP, NIST 800-53/63, and Zero Trust architectures.
- Demonstrated experience supporting the Authorization to Operate (ATO) process and producing compliance documentation (SSP, POA&M, PIA).
- Experience integrating security testing and monitoring into CI/CD pipelines in a DevSecOps environment.
- Experience implementing security automation and continuous monitoring solutions within cloud environments.
- Strong understanding of SIEM, vulnerability management, IDS/IPS, and incident response processes.
- Experience documenting security postures and network boundaries for ATO processes; familiarity with Azure environments and Kotlin-based applications preferred.
- Experience managing security and privacy for systems handling sensitive data, including PII and PHI.
- In-depth understanding of information assurance principles, cybersecurity frameworks, and regulatory requirements.
- Experience with threat modeling and risk management practices.
- Strong analytical, problem-solving, and communication skills.
- Ability to work independently and collaboratively in a fast-paced, Agile environment.
- Knowledge of emerging cybersecurity threats and trends.
- Familiarity with common security tools and technologies such as SIEM, IDS/IPS, and vulnerability management tools.
- Relevant certifications preferred: CISSP, CISM, CEH, Security+, or AWS Security Specialty.
Physical Requirements:
- Ability to sit for extended periods while working on a computer or during meetings.
- Must be able to travel occasionally to client sites or company meetings.
- Ability to communicate effectively via phone, email, and in-person, requiring clear speech, listening, and written communication skills.
- Ability to move within an office environment, including reaching for files, using office equipment, and occasional light lifting (up to 10 pounds).
Benefits
Life at Fearless
We're a digital integration consultancy on a mission to build a better tomorrow. At Fearless, we combine technology, people, and organizational development to solve meaningful problems. Through iterative development, we deliver smart, user-friendly solutions that make tech work better - for everyone. But great tech is just part of the story. What really makes us Fearless is our Purple Culture.
What Makes Us Purple?
Being Purple means you:
- Are valued as a whole person - not just a job title
- Get matched with work that plays to your strengths and passions
- Are supported by coaches, not micromanagers
- Have the autonomy and clarity to make decisions and drive impact
- Join a community that celebrates equity, curiosity, and innovation
- Do work that matters - every day
We believe in flexibility, growth, and balance. Our benefits and culture are designed to support you in doing your best work - while making space for what matters to you outside of it.
We're proud to be an equal opportunity employer. At Fearless, we're building a workplace that welcomes and respects everyone - across race, gender, age, religion, identity, background, and ability.
Compensation at Fearless
Fearless is committed to providing a competitive compensation package that will meet your current and future needs. Our philosophy is aimed at rewarding team member contributions, supporting long-term financial growth and security, and overall well-being. We believe in paying people fairly, so we've established a compensation model aimed to ensure everyone at Fearless - regardless of race, ethnicity, gender, sexual orientation, disability, religion, age, nationality, or willingness/ability to negotiate - is consistently paid fairly based on alignment to the needs and requirements of the role.
The salary range for this position is:
- Minimum Salary: $102,540
- Salary Midpoint: $133,302
- Maximum Salary: $164,064
- Hiring Range for Role: $102,540 - $133,301
*For part-time roles, the salary will be pro-rated based on the full-time equivalent salary ranges listed above.
Benefits at Fearless
At Fearless, we take care of our team - because when you're supported, you can do your best work. We offer a flexible, family-friendly environment with benefits designed to support your health, growth, and life outside of work.
For Full-Time Team Members (Starting Day One):
- Flexible, life-friendly schedules
- 100% coverage for our medical HSA plan + HSA contributions
- Dental & vision covered 100% for you and your dependents
- Competitive premiums for HMO/PPO and dependent coverage
- 401(k) with 4% match & immediate vesting
- Paid Parental Leave and 12 weeks paid FMLA
- Generous PTO, 11 Federal Holidays, a Birthday Holiday, and Sick Leave
- Up to 15 days for Jury Duty and Bereavement Leave
- Education, wellness, and tech allowances
- Referral bonus: $6K-$12K for each successful referral
- Pet insurance & discount plans
- Employee Assistance Program (EAP)
- Legal support, life insurance, disability coverage
Part-Time & Interns:
- 8.75 days of safe & sick leave annually
- Eligible for our 401(k) plan with employer contributions
Reasonable Accommodations
Fearless is committed to providing reasonable accommodations for applicants and candidates with disabilities. If a reasonable accommodation is needed to participate in the job application or interview process, please contact the Human Resources Department at hr@fearless.tech.
So, What's Next?
We've refined our hiring approach to make sure every team member is a great fit for Fearless - and that we're a great fit for you, too. If there's alignment, we'll reach out to kick off the interview process. Depending on the role or project, your experience may vary slightly, but it typically includes:
Introductory Interview
You'll connect with a recruiter to:
- Build rapport and get to know each other
- Review your experience and skills
- Talk through salary expectations and role details
- Set expectations for the rest of the process
Skills + Business Fit Interview
This is where we dig deeper to:
- Review findings from any technical assessments
- Walk through situational and values-based questions
- Explore how your approach aligns with Fearless culture and project needs
Some roles may also include customer interviews based on specific project requirements in addition to background check and security clearance requirements.