Cybersecurity Assessment Engineer (Defense Tech)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Cybersecurity Assessment Engineer (Cybersecurity/Defense Tech): Protecting infrastructure and platforms powering mission-critical software for national security with an accent on vulnerability scanning and security posture management. Focus on conducting technical security validations, managing authorization lifecycles, and translating NIST 800-53 controls into implementable technical requirements.
Location: Must reside in one of the approved hiring hubs: DC/Maryland/Virginia, Raleigh/Durham/Chapel Hill (NC), Denver/Colorado Springs (CO), or Dallas/Fort Worth (TX)
Salary: $125,000 – $140,000
Company
A public-benefit software company powering secure software development and deployment for the U.S. government and national security networks.
What you will do
- Oversee software vulnerability scanning processes and provide actionable remediation guidance to development teams.
- Conduct comprehensive technical security validations of cloud infrastructure, applications, and containers against DISA STIGs and CIS Benchmarks.
- Author and maintain critical security artifacts, including System Security Plans (SSP) and Security Assessment Reports (SAR).
- Manage Continuous Monitoring (ConMon) to ensure the platform maintains a robust and authorized security posture.
- Implement technical workflows for Software Bill of Materials (SBOMs) to support continuous authorization standards.
- Collaborate with DevOps and Software Engineering to translate NIST 800-53 controls into technical requirements.
Requirements
- 3-5 years of relevant experience in cybersecurity and vulnerability risk analysis.
- Hands-on experience securing services within AWS, Azure, or GCP, specifically in PaaS or Kubernetes environments.
- Proficient knowledge of NIST SP 800-37 (RMF) and NIST SP 800-53 rev 5 security controls.
- Deep understanding of the FedRAMP authorization process and Department of Defense (DoD) security standards.
- Ability to attain DOD 8570 Baseline Certification for IAT II (preferably CYSA+) within 6 months of hire.
- Experience creating and implementing incident response plans for application outages.
Nice to have
- Extensive experience with Department of Defense DevSecOps practices and policies.
- Proficiency with Docker, GitLab, Kubernetes, and scanning tools like Anchore or Trivy.
- Ability to write basic scripts in Python or Bash for automation and data parsing.
- Active Secret security clearance.
Culture & Benefits
- 100% healthcare, vision, and dental coverage.
- 401(k) with a 3% company contribution.
- Equity incentive plan and discretionary bonuses.
- Flexible paid time off and federal holidays.
- Tech and office supplies stipend, plus an annual professional development budget.
- Wellness perks including fitness classes and mental health resources.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →