Cyber Engineer

LMI is seeking a Journeyman Cybersecurity Engineer to support the U.S. Army Center for Initial Military Training's (CIMT) Holistic Health & Fitness Management System (H2FMS). H2FMS is a secure analytics environment operating in Army GovCloud, integrating the vendor-provided H2F data capture application with cloud hosting, data pipelines, AI/ML models, and user interfaces supporting Soldier and unit readiness. This position requires the ability to obtain and maintain a Secret clearance. You must be a U.S. citizen.

The Cybersecurity Engineer will support the Senior ISSM, Cloud Architect, DevSecOps team, and cybersecurity operations to ensure H2FMS meets all RMF, continuous ATO (cATO), and Zero Trust requirements. This is a hands-on role focused on compliance, security engineering, vulnerability management, logging/monitoring, and implementing security controls across the H2FMS system.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

Implement and maintain cybersecurity controls required under RMF, NIST 800-53, and Army cybersecurity policy.
• Support secure configuration of cloud services, network components, identity/access controls, and application interfaces.
• Apply DISA STIGs, SCAP tools, and vulnerability remediation practices across the environment.
• Assist in implementing Zero Trust principles for access management, micro segmentation, and continuous verification.
• Validate secure data flows and connections between the vendor's H2F data capture application and H2FMS in Army GovCloud.
• Support cybersecurity reviews of interface configurations, API integrations, encryption settings, and boundary protections.
• Coordinate with Data Engineers, Cloud Engineers, and the ISSM to ensure end-to-end secure integration.
• Conduct regular vulnerability scans (Nessus, OpenVAS, etc.) and assist with patch management across environments.
• Track, document, and help remediate findings in POA&Ms.
• Support log collection, SIEM configuration, and review of security events for anomalies.
• Assist in continuous monitoring activities required for cATO compliance.
• Contribute to RMF documentation including SSP components, SAR evidence, risk assessments, and configuration baseline updates.
• Support the Senior ISSM in preparing audit packages, evidence submissions, and compliance documentation.
• Assist the Senior DevSecOps Engineer in integrating security scanning tools into CI/CD pipelines.
• Support maintenance of security testing (SAST, SCA, container scans) and automated compliance checks.
• Help evaluate code, infrastructure, and configuration changes for security impact.
• Assist with incident response investigations, triage, and reporting.
• Support containment, remediation, and follow-up actions.
• Participate in tabletop exercises and operational security drills.
• Work closely with Cloud Architects, DevSecOps Engineers, Data Engineers, and UI/UX developers to ensure secure design.
• Participate in Agile sprints, backlog refinement, and technical planning sessions.
• Provide cyber input to engineering decisions and environment changes.

Required Qualifications

• Bachelor's degree in Cybersecurity, Information Assurance, Computer Science, Engineering, or a related field.
• 3-6 years of experience in cybersecurity engineering, cyber operations, or information assurance.
• Experience with:
• RMF security controls
• DISA STIGs and secure configuration baselines
• Vulnerability scanning and remediation
• Cloud security practices (AWS GovCloud, Azure IL4/IL5 preferred)
• Basic familiarity with Zero Trust principles and secure identity/access management.
• Ability to work collaboratively with technical teams in Agile environments.
• DoW 8140 elevated privilege certification (Security+, CCNA Security, CySA+, etc.).
• Ability to obtain and maintain a Secret clearance. You must be a U.S. citizen.
• Location: Remote.
• Travel: Ability to travel to Fort Eustis, VA or LMI HQ in Tysons, VA 1-2 times per quarter for planning, testing, and stakeholder collaboration.

Desired Qualifications

• Experience supporting DoW cloud systems or Army cyber requirements.
• Experience working in DevSecOps or CI/CD environments.
• Familiarity with log analytics and SIEM tools (CloudWatch, Sentinel, ELK, Splunk).
• Experience supporting ATO packages or continuous monitoring activities.
• Additional certifications such as CEH, CHFI, SSCP, or cloud security certifications.