Cybersecurity Engineer

5 days ago

🏡 Remote – New York


Raft

Accelerating agile federal innovation through open source DevSecOps, data analytics, and human-centered design.

51 - 200

Description

• Oversee the implementation of security controls in line with organizational policies and regulatory requirements.
• Conduct regular security audits, vulnerability assessments, and risk assessments for cloud-based environments.
• Maintain System Security Plans (SSP), Plan of Actions and Milestones (POAM), and ensure system compliance with relevant security standards.
• Ensure continuous monitoring and incident response processes are in place, including reviewing security logs, investigating security events, and managing security incidents.
• Participate in security authorization processes, ensuring that systems achieve Authority to Operate (ATO).
• Support the development of security documentation such as Security Assessment Reports (SARs), System Boundary Diagrams, PPS Lists, and Security Control Traceability Matrices (SCTM).
• Collaborate with development teams to embed security tools and processes into DevSecOps pipelines, enhancing the security posture from the start of development.
• Provide guidance on the secure use of AWS cloud security offerings (CloudTrail, GuardDuty, Inspector, etc.), as well as containerization and orchestration technologies like Kubernetes and Docker.
• Occasionally work in classified environments such as Closed Areas or SCIFs (Sensitive Compartmented Information Facilities) as needed.
• Stay current with evolving security standards, technologies, and industry trends, ensuring the organization remains ahead of emerging threats.

Requirements

• 2+ years of experience implementing IAM, SIEM, IaC, and CaC solutions such as Okta, Keycloak, Splunk, ELK, Terraform, Puppet, Chef, or MITRE SAF
• 2+ years of experience configuring & maintaining security tooling such as vulnerability & compliance scanners, SAST & DAST, EDR, audit logging, etc.
• 2+ years of experience with AWS cloud security offerings such as CloudTrail, CloudWatch, Inspector, GuardDuty, Shield, Secrets Manager, etc.
• Understanding of secure network & system architectures, virtualization & cloud technologies, application security, encryption technologies, and IPS/IDS technologies
• Experience with defense-in-depth security engineering and conducting security testing against the environment
• Working knowledge of DevSecOps methodologies & implementing security tooling within CI/CD pipelines
• Familiarity with containerization technologies such as Kubernetes & Docker and related scanning tools such as TwistLock, Trivy, Zarf, JFrog Xray, or Anchore
• Understanding of on-prem & cloud-based Linux & Windows systems hardening using DISA STIGs & SRGs or other industry best practices
• Hands-on experience with relevant security documentation such as SBOMs, PPS lists, data flow & network diagrams, and SSPs
• Willing to occasionally work in a classified environment such as a Closed Area or SCIF on a quarterly basis
• Stay current with industry trends, making recommendations as needed to help the company excel
• Obtain CompTIA Security+ or other DoD 8570 IAT Level II or higher certification within the first 90 days of employment with Raft

Benefits

• Highly competitive salary
• Fully covered healthcare, dental, and vision coverage
• 401(k) and company match
• Take as you need PTO + 11 paid holidays
• Education & training benefits
• Annual budget for your tech/gadgets needs
• Monthly box of yummy snacks to eat while doing meaningful work
• Remote, hybrid, and flexible work options
• Team off-site in fun places!
• Generous Referral Bonuses
• And More!
