Назад
Company hidden
6 часов назад

Cybersecurity Assessment Engineer (Defense Tech)

125 000 - 140 000$
Формат работы
remote (только USA)
Тип работы
fulltime
Грейд
middle
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Cybersecurity Assessment Engineer (Cybersecurity/Defense Tech): Protecting infrastructure and platforms powering mission-critical software for national security with an accent on vulnerability scanning and security posture management. Focus on conducting technical security validations, managing authorization lifecycles, and translating NIST 800-53 controls into implementable technical requirements.

Location: Must reside in one of the approved hiring hubs: DC/Maryland/Virginia, Raleigh/Durham/Chapel Hill (NC), Denver/Colorado Springs (CO), or Dallas/Fort Worth (TX)

Salary: $125,000 – $140,000

Company

A public-benefit software company powering secure software development and deployment for the U.S. government and national security networks.

What you will do

  • Oversee software vulnerability scanning processes and provide actionable remediation guidance to development teams.
  • Conduct comprehensive technical security validations of cloud infrastructure, applications, and containers against DISA STIGs and CIS Benchmarks.
  • Author and maintain critical security artifacts, including System Security Plans (SSP) and Security Assessment Reports (SAR).
  • Manage Continuous Monitoring (ConMon) to ensure the platform maintains a robust and authorized security posture.
  • Implement technical workflows for Software Bill of Materials (SBOMs) to support continuous authorization standards.
  • Collaborate with DevOps and Software Engineering to translate NIST 800-53 controls into technical requirements.

Requirements

  • 3-5 years of relevant experience in cybersecurity and vulnerability risk analysis.
  • Hands-on experience securing services within AWS, Azure, or GCP, specifically in PaaS or Kubernetes environments.
  • Proficient knowledge of NIST SP 800-37 (RMF) and NIST SP 800-53 rev 5 security controls.
  • Deep understanding of the FedRAMP authorization process and Department of Defense (DoD) security standards.
  • Ability to attain DOD 8570 Baseline Certification for IAT II (preferably CYSA+) within 6 months of hire.
  • Experience creating and implementing incident response plans for application outages.

Nice to have

  • Extensive experience with Department of Defense DevSecOps practices and policies.
  • Proficiency with Docker, GitLab, Kubernetes, and scanning tools like Anchore or Trivy.
  • Ability to write basic scripts in Python or Bash for automation and data parsing.
  • Active Secret security clearance.

Culture & Benefits

  • 100% healthcare, vision, and dental coverage.
  • 401(k) with a 3% company contribution.
  • Equity incentive plan and discretionary bonuses.
  • Flexible paid time off and federal holidays.
  • Tech and office supplies stipend, plus an annual professional development budget.
  • Wellness perks including fitness classes and mental health resources.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →