Jobs · Information Technology · Virginia

Secure Infrastructure Engineer

Dark Wolf · Herndon, VA · 1 mo ago
Information Technology$150k–$180k/yrFull-time

About the role

The Secure Infrastructure Engineer will design, harden, and automate the deployment of secure baseline images for a major medical technology client. This role involves working within a surgical engineering team to define and build "Gold Images" that balance strict federal compliance with operational functionality.

Responsibilities

  • Designing and creating hardened "Gold Images" for core technologies including Windows Server 2025, Windows 11, and MS SQL.
  • Automating the application of DISA STIGs and CIS Benchmarks using PowerShell, Ansible, or similar scripting tools.
  • Integrating secure baselines into a centralized artifact repository for consumption by product teams.
  • Developing and maintaining documentation for security policies, configuration changes, and exception handling.
  • Collaborating with offensive security teams to validate image resilience against vulnerabilities.
  • Analyzing vulnerability scan results (from tools like Nessus or proprietary pipelines) and remediating configuration drift.
  • Deploying and maintaining a centralized artifact repository on cloud-native architecture (AWS/Azure).
  • Building and maintaining CI/CD pipelines to automate the ingestion, scanning, and publishing of secure container images.
  • Integrating low-CVE base images (e.g., via Chainguard) into the development supply chain.
  • Implementing and managing automated compliance scanning tools (SAST/DAST/Fuzzing) within the build pipeline.

Requirements

  • Bachelor’s degree in IT Security, Information Systems, or equivalent
  • Minimum of 4+ years of experience in Systems Engineering, Infrastructure Operations, or working with commercial cloud providers (AWS, Azure, or GCP)
  • Deep expertise in Windows Server and Desktop administration and configuration
  • Proven experience applying and managing DoD DISA STIGs or CIS Benchmarks in an enterprise environment
  • Extensive experience with Containerization (Docker, Kubernetes) and Container Security
  • Strong proficiency in scripting and automation (PowerShell, Python, Ansible, or Terraform) to enforce security configurations
  • Solid problem-solving skills and the ability to troubleshoot complex application failures caused by security hardening

Qualifications

  • US Citizenship and ability to be clearable up to the Top Secret clearance with SCI eligibility
  • Experience working in the healthcare industry or with medical device software
  • Experience with Platform One, Iron Bank, or similar DoD software factories
  • Understanding of the Risk Management Framework (RMF) and accreditation processes
  • Experience hardening PostgreSQL or other relational databases
  • Experience with automated compliance scanning tools and proprietary fuzzing or scanning pipelines
  • Industry certifications, such as AWS Certified Solutions Architect, Security+, or MCSE

Benefits

This position will be supported at a hybrid capacity at any of the following DW Office locations: Herndon, VA, Omaha, NE, Colorado Springs, CO, Tampa, FL.

Pay

The estimated salary range for this position is $150,000.00 - $180,000.00, commensurate on experience and technical skillset.

Schedule

This position will be supported at a hybrid capacity.

Similar jobs

Infrastructure Security Engineer

STACK InfrastructureDenver Metropolitan Area· 2 wk ago
Information Technology$128k–$145k/yrapply on stackinfra.wd108.myworkdayjobs.com