Job Description
Security Test Engineer - Cloud Operations
LOCATION : Primarily remote, but would need to be in Washington DC, Maryland, and Virginia (DMV) for any onsite installations
CLEARANCE LEVEL : TS / SCI with polygraph
Who YOU are :
As a Security Test Engineer - Cloud Operations at Plus3 IT Systems, you :
- Are passionate about working on cutting-edge, high-profile projects and are motivated by delivering solutions on an aggressive schedule
- Aren't satisfied with status quo, and regularly look for creative ways to solve problems and help your team meet commitments
- Are insatiably curious – you ask why, you explore, and you're not afraid to blurt out your crazy idea
- Are a strong self-performer that also flourishes in a team setting; and love the ability to work on multiple clients / projects simultaneously
- Love learning new technologies and sharing them with your team
- Have a keen interest in using any and all appropriate tools, especially Cloud-based and Open Source, to solve the problem at hand
- Have strong verbal and written communication skills, due to the dynamic nature of collaborations with customers, vendors, and other engineering teams to solve complex business problems together
- Use your experience and leadership skills to motivate your teammates to deliver high quality results in a fast-paced work environment
- Are obsessed with automation, simplicity, and smooth-running systems
Who We Are :
- A 2023 "Top Work Places" recipient (https://topworkplaces.com/company/plus3-it-systems/)
- A company committed to your training, technical experience growth, and well being
- Uniquely positioned and ready to expand, with your help, into more complex and technically challenging environments
- Built upon subject matter expertise supporting the Federal Government with a focus on Cloud Adoption, Cloud Security, Cloud Enabled Data Analytics, Cloud Native Application Development, and DevSecOps
- A small business with big partners such as Amazon Web Services, Microsoft (Azure), and Google (Cloud Platform) and other technology partners: Immuta, Databricks, GitLab, RedHat
- Multiple Prime contract holder (GSA, SITE III, JAIC DRAID, and NDE)
- Always a committed partner with our customers and laser-focused on their mission
RESPONSIBILITIES :
- Design, develop, build, and implement high impact solutions using best practices to solve customers' diverse challenges across the department of defense and national security landscape
- Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for all multiple information systems
- Author, complete and maintain the System Security Plan (SSP) within XACTA
- Develop the Security Controls Traceability Matrices (SCTM), and the Security Test Plan (STP) procedures within Xacta.
- Analyze existing security systems and make recommendations for changes or improvements
- Automate continuous security and performance testing and monitor health of ACAS and STIG evaluation
- Lead testing efforts and shuttle projects through the RMF process to attain Authority to Operate (ATO)
KNOWLEDGE AND SKILLS :
- Experience working with software developers and architects to understand security requirements
- Experience guiding the application developers on security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements
- Experience creating and managing the plan of action and milestones (POA&Ms), and working with project managers and engineers to develop schedules and engineering actions that mitigate open findings
- Experience supporting the Continuous Monitoring of operational systems; experience monitoring and auditing operational systems for proper use
- Experience with engineering solutions within a cloud environment (primarily AWS)
- Possesses knowledge of infrastructure, application programming, and web and software applications
- Experience working on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge
- Experience with Vulnerability Analysis and Review (ACAS, TwistLock, SonarQube)
- Knowledge of DISA STIGs and STIG Viewer experience
- Experience with developing Risk Management products and working through system authorization through the RMF
- Able to work independently and autonomously while possessing strong communication and collaboration skills
- Experience with software security testing & assessment and Network Vulnerability Management & Compliance Monitoring
- Demonstrated understanding of modern processing techniques on CPUs, including vectorization, pipelining, and caching
- Experience with Terraform
- Experience with Kubernetes (containerization solutions)
- Experience programming in two or more software programming languages
- Experience with delivering modern technology stacks using cloud services, such as microservices and infrastructure-as-code
EDUCATION AND EXPERIENCE :
- Bachelor's degree in computer science or related technical field is required for senior role
- 10 years of related experience is required
- Customer facing skills with ability to drive discussions with customer engineers as well as senior stakeholders
- Familiarity with public sector, governance and compliance in the cloud, Risk Management Framework, NIST SP 800-53, FEDRAMP, DOD cloud computing security requirements guide (CC SRG), DOD secure cloud computing architecture (SCCA), DOD architecture framework (DODAF), and other relevant frameworks
Other :
Plus3 IT Systems is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity / Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, contact hr@plus3it.com [include name and / or department, telephone, and e-mail address].
The health and safety of our employees and their families is a top priority. With the continuing impacts of COVID-19 around the world, we are taking action to protect the health and well-being of our colleagues and maintain the safety of the communities where we operate. As a federal contractor, we are required to stay in compliance with Executive Order 14042 with the most up to date information provided at the following link (https://www.saferfederalworkforce.gov/contractors/).
Pay Transparency Notice : Executive Order 11246 requires government contractors to notify applicants and employees of their rights, subject to certain limitations, to discuss, disclose or inquire about compensation or compensation information. Plus3 IT Systems will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge; (b) in furtherance of an investigation, proceeding, hearing or action, including an investigation conducted by the employer; or (c) consistent with Plus3 IT Systems' legal duty to furnish information.