Cloud Security Engineer

OneZero Solutions - Fort Meade, MD

Full-timeEstimated: $120,000 - $170,000 a year
Title: Cloud Security Engineer

Location: Reston, VA or Washington, DC

Clearance: TS/SCI with the ability to obtain and maintain a CI polygraph

Plan, research, design and model robust Enterprise Security Architectures for systems hosted on traditional data centers and on cloud providers such as Amazon Web Services AWS, Microsoft Azure, etc.
Develop security engineering requirements, procedures and policies for on-prem, cloud/container-based systems
Conduct applied security research on security standards, authentication tools and protocols in support of cloud/container-based systems using Identity and Access Management IdAM systems using public key infrastructures PKIs and PKI-Enabling PKI/E technologies
Identify COTS/GOTS Systems integration issues, security control implementation deficiencies and recommend enhancements to bolstering security posture
Acquire a complete understanding of a customer's technology and information systems
Perform vulnerability testing, risk and security assessments using penetration tester mindset
Conduct in-depth security engineering reviews and approve proposed systems/application security control implementations used for systems hosted in cloud/container-based providers such as AWS, Azure, OpenShift and Kubernetes
Provide technical supervision for and guidance to a security team
Oversee security awareness programs and educational efforts
Test final security structures to ensure they behave as expected
Deliver technical reports and formal papers on test findings

Key Skills:
Consulting and professional services using Agile and DevOps methodologies
Security Research and Development R&D
Infrastructure Automation tooling to building and delivering secure systems delivery chain
Cloud and container security penetration and vulnerability testing
Networking, firewall and intrusion detection/prevention protocols
Computer Network Defense, ethical hacking and threat modeling
Identity and access management principles using PKI and PKI/E
Application security and encryption technologies
Enterprise system and security engineering and architecture
Implementing Risk Management Framework RMF in high-risk network environment
Practices and methods of IT strategy, enterprise architecture and security architecture

Key Technology Familiarity:
Hardening Operating Systems OS such as Windows, UNIX and Linux
Cloud security implementations using providers AWS and Azure
Container-based security implantation using Kubernetes, OpenShift and Docker
Database security in relational MySQL/MsSQL and non-relational MongoDB platforms
Network security enforcement points Cross Domain Solutions, Firewall, IDS/IPS, Network Access Control and Network Gateways
Configuration Management tools such as Git, GitLab, GitHub, Bitbucket
Virtualization technologies from VMware, Microsoft and Red Hat
Encryption technologies and standards
DevOps tools such as SaltStack, Terraform, Puppet, Ansible, Chef,
Infrastructure Cloud formation, YAML, JSON, Bash, Python, or other programming languages
Technical project management tools such as ServiceNow and Jira

Bachelor's Degree in Computer Science, Software Engineering, Systems Engineering, Information Systems or a related technical discipline with 5+ yrs. of related work experience; an additional 4 years of work experience may be substituted in lieu of a degree
Strong knowledge of PKI and PKI-Enabling technologies
systems architecture/engineering supporting data science projects a plus
Excellent written and oral communication skills a must, with the ability to work independently or as a member of a team; must be comfortable working with personnel on all levels of an organization
Must possess current DoD 8570 IAT III certification or be able to obtain within 90 days of start date
Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph