Highlight Technologies

Cybersecurity/RMF Engineer

Job Locations US | US-VA-Ft. Belvoir

About Highlight

Know Way. Know How.

For over ten years, Highlight has provided Development and Modernization, Secure IT and Mission Solutions for our federal government customers. We know the technology; we understand the way our customers and their stakeholders work; and we know how to implement industry best practices for development and services, delivering end-to-end solutions that minimize risk and maximize results.


We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.


Highlight is looking for a Cybersecurity Engineer to support a Government client. You shall have hands-on experience in software security testing and monitoring information systems for potential risks/security gaps/unsecure activities; be capable of documenting and communicating these assessments to leadership; and meet the minimum labor category requirements described in Appendix A. You will take a security conscious view of computing to protect sensitive data, and shall be involved in every step of Toolchain development, ensuring that security best practices are being followed. You shall have in-depth knowledge of the DoD’s Risk Management Framework (RMF) and work to optimize a continuous RMF capability.


  • Maintain and improve the performance of existing security processes for development code, to include writing and updating software code and security processes IAW guidance provided in the
    Government’s roadmap.
  • Have hands-on experience in software security assessments, and be capable of documenting and communicating the outcome of these assessments to leadership.


  • Ability to obtain a Secret clearance.
  • Bachelors degree.
  • Advanced knowledge and hands-on experience in developing and implementing security for software programs.
  • 6 years of experience overall experience; 1+ years’ experience with DevSecOps tools and processes, including, but not limited to Git, Concourse, SonarQube, Fortify, and ThreadFix.
  • 2 years’ experience in some software development discipline, to include Java, Web services, Database, and/or web application development.
  • 3 years’ experience in software security assessments and/or reviews.
  • 2 years’ experience of reviewing software documentation, security findings/comments, and source code (if available) for accuracy, completeness, and associated risk.




Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us!

Not ready to apply? Connect with us for general consideration.