Cyber Technical Engineer
Technomics, Inc. · Arlington, VA · 5 mo ago
On-siteInformation TechnologyFull-time
Overview
This position plays a critical role in implementing secure CI/CD pipelines, container security, and Risk Management Framework (RMF) compliance activities. The ideal candidate has foundational experience across DevSecOps, containerization, and security engineering and is eager to grow in a fast-paced, mission-critical environment.
Roles and Responsibilities
- Implement and maintain secure CI/CD pipelines using GitLab CI/CD and automation tools.
- Support the RMF process, including System Security Plan (SSP) development, control implementation, Plan of Action and Milestones (POA&M), and preparation for ATO (Authority to Operate).
- Support the development and maintenance of a DevSecOps automation framework for RMF compliance.
- Assist in the design, development, and deployment of secure containerized applications using Docker, Podman and Kubernetes.
- Apply DoD STIGs, CIS Benchmarks, and other hardening guides.
- Perform and integrate automated security scanning tools (e.g., SAST, SCA, DAST) and compliance checks into the CI/CD process.
- Write and maintain scripts in Python, Bash, and other languages to automate system tasks, scans, and reports.
- Collaborate with security, development, and operations teams to design secure, scalable infrastructure and workflows.
- Collaborate with development and security teams to remediate vulnerabilities and implement security best practices.
- Create and manage tickets in Jira, participate in Agile ceremonies, and support backlog grooming with technical input.
- Perform basic Linux system administration, configuration, and troubleshooting.
- Document system designs, security controls, and standard operating procedures.
- Map security controls to NIST 800-53 and other relevant DoD security standards.
- Stay up-to-date on the latest RMF guidance, security threats, and DevSecOps technologies.
Qualifications
- Bachelor’s degree in computer science, Cybersecurity, Information Systems, or a related technical field (or equivalent work experience).
- 1–3 years of hands-on experience in DevSecOps, Cybersecurity, or Cloud Engineering.
- Basic understanding of the NIST RMF and experience assisting in the ATO process.
- Experience with Docker, Podman, Kubernetes, and container orchestration platforms.
- Working knowledge of GitLab CI/CD pipelines and security automation tools.
- Familiarity with Linux commands and system administration.
- Scripting proficiency in Python and Bash.
- Exposure to vulnerability scanning tools like Nessus, and integration of SAST, SCA, DAST into DevOps pipelines.
- Experience applying STIGs, DISA SRGs, or hardening guidelines to systems.
- Strong communication skills, with the ability to document and present findings effectively.
- Knowledge of NIST SP 800-53, DoDI 8500.01, and DoDI 8510.01.
- Active DoW Secret Clearance (Desired).
Desired Qualifications
- Experience with eMASS or other GRC (Governance, Risk, and Compliance) Tools.
- Familiarity with DoW security policies and procedures.
- Experience with container security and Kubernetes security.
- Familiarity with cloud platforms (AWS, Azure).
- Exposure to infrastructure as code (IaC) using Terraform, Ansible, or similar tools.
- Experience with tools like SCAP, OpenSCAP, or ACAS.
- Familiarity with Agile/Scrum processes and tools (Jira, Confluence).
- Certifications such as IAT Level II/IAM Level I (e.g., CompTIA Security+), Certified Kubernetes Administrator (CKA), others as applicable.
- Familiarity with combat systems such as SSDS and AEGIS.
- A working knowledge of cyber regulations.