Cloud Security Engineer - Mid
ECS Corporate Services

Job Info

---

ECS is seeking a Cloud Security Engineer - Mid to work in our Washington D.C. office.

Job Description:

Understanding of open-source technologies including services like Jenkins, keycloak
Understand the implementation of Containerization at rest or information as code (IAC) within K8s deployment
Knowledge in scripting or programming and experience in establishing some sort of security enforcement (for network guys) or validating assertions (automated tester side)
General understanding of security compliance for information systems required by FISMA or 800-53 (not a deal breaker but would be willing to learn is preferable)
Experience in deploying CI/CD pipelines and implementing DevSecOps culture for driving automation and security
Experience providing security assessments for cloud-based platforms, such as AWS and Azure
Analyze and evaluate new cloud service accounts based on NIST 800-53 risk management framework
Run checks for each cloud service account, AWS, and Azure
Experience with performing Cybersecurity risk assessments and mitigation
Experience with Cloud and virtual environment security assessments
Experience with Linux Red Hat and/or CENTOS
DoD 8140 IAM or IAT Certification, including Security+ CE, CISM, CISSP, Cloud + or CASP
Experience with performing manual testing methods and procedures using STIGs, SRGs, and checklists

Required Skills:

• Active Top Secret Clearance with the capability of Obtaining SCI/CI-Poly if needed to meet contract requirements
• 5+ years of experience with Cybersecurity Security Control work, usually gained through experience performing the work of an Information System Security Officer (ISSO), Information System Security Engineer (ISSE), or Red/Blue Penetration testing experience
• 5+ years of expert understanding of NIST publications, including other regulatory guidelines, OMB, NSS, etc.
• 3+ years of experience with performing technical security assessments, including vulnerability assessments, security control reviews, and system configuration and log checks to support various audits
• 3+ years of experience with information security policy development, review, implementation, or interpretation.
• 3+ years of experience with planning and executing comprehensive Cybersecurity test events, including identifying applicable security controls, analyzing assessment procedures, and identifying and using required tools, including Retina, Burp, AppScanner, AppDetective, Samurai, Nessus, SecurityCenter, NMAP, Wireshark, Splunk or other log viewer, Assured Compliance Assessment Solution (ACAS), or Security Content Automation Protocol (SCAP)
• 3+ years of experience in working with federal or DoD government implementation of the NIST RMF for SAA
• 3+ combined experience of Penetration Testing or Persistent Penetration Testing, including sufficient knowledge of PT/PPT tools like Metasploit, and of concepts of PT methodologies
• Understanding of open-source technologies including services like Jenkins, keycloak
• Understand the implementation of Containerization at rest or information as code (IAC) within K8s deployment
• Knowledge in scripting or programming and experience in establishing some sort of security enforcement (for network guys) or validating assertions (automated tester side)
• General understanding of security compliance for information systems required by FISMA or 800-53 (not a deal breaker but would be willing to learn is preferable)
• Experience in deploying CI/CD pipelines and implementing DevSecOps culture for driving automation and security

Desired Skills:

• CISSP
• Cloud+
• Expert in Linux
• Experience in deploying containers. (Docker, Podman, Kubernetes use of deploying containers and Serices would be advanced)
• Experience with Gitlab or Jenkins or Bitbucket

ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.

This job has expired.