ECS is seeking a Cloud Engineer to work in our Seaside, CA office. Please Note: This position is contingent upon additional funding.
Job Description:
Apply specialized knowledge of container security and orchestration to develop security solutions in multi-cloud environments to protect our client's sensitive information
Directly perform architecture, engineering and analyst duties. Provide surge support when the assigned analyst and engineer need to meet daily operations objectives
Build and support integrated solutions
Collaborate with other engineers, product managers and customers to shape, build and improve features and engineering tools
Create reusable components that make it easier to build consistent and high-quality user experiences
Own cyber areas of the product and lead their implementation
Evaluate and implement third-party cloud security and compliance tools
Support DevSecOPS integration
Provide Cloud Security support across the DHRA enterprise
Provide security compliant architecture, solutions and engineering support for cloud migrations
Accounts: Manage, implement and report on cloud container privilege accounts
Design, build and maintain UI functionality from sophisticated dashboards to context-aware user flows
Collaborate with leadership to develop metrics based on enterprise situational awareness and monitoring
Track, measure and evaluate security compliance across the enterprise
Prepare and present weekly presentation status slides
Create and maintain SOPs, TTPs, Topology Diagrams, Information Flow Diagrams, and SPARXs documentation
Develop SOP for integration of new applications into DHRA containerized environments
Develop standards and guidelines for cloud development, integrations and operations
Improve engineering standards, tooling, and processes
Create, maintain all eMASS package artifacts
Ensure compliance with NIST 800-53 controls and STIG/Vulnerability compliance
Identify risks and collaborate to remediate risks
Develop as is models and future state models, as well as technology roadmaps
Recommend long-term and strategic advancements
Advise customers on how to best leverage cloud container solutions, such as StackRox to secure their Kubernetes environments
Perform Baseline Image validation of new container template images.
Validate all unnecessary packages have been removed from image and STIGs have been applied to image.
Manage container segmentation polices, and identify policy violations
Validate at a minimum the logs list below are being collected and reviewed: - docker daemon - /var/lib/docker - /etc/docker - docker.services - docker.socket - /etc/default/docker - /etc/docker/daemon.json - /etc/sysconfig/docker - /usr/bin/containerd - /usr/sbin/runc
Perform Vulnerability scans on container environment and collate results for remediation by container management group
Ensure that Malware and Threat prevention functionality is enable on container host, environment, and segments
Ensure modules are in place for on the fly incident response and digital forensics
Integrate tool logs with both DHRA Logging solution and CSSP Logging Solution
Provide as part of the weekly Scanning and Monitoring report the following information pertaining to Container Security:
Changes to network segments being monitored; new application being integrated into container security tool; list of newly approved container baseline images; list of unmanaged container; identify obstacles and remediation actions necessary for successful log management operations.
Salary Range: $150,000 - $190,000
Required Skills:
Must be a US citizen, possess a DoD Top Secret clearance: Minimum vetting Tier 5(T5)-Single Scope Background Investigation (SSBI)
Active DoD 8570 IAT Level 2 or 3 certification for compliance, including at least one of the following certifications in good standing: CISSP, CCSP, CCNA Security, CySA+, GICSP, GSEC, Security+, CND, or SSCP
Bachelor's degree and 10+ years of Information Technology or Cybersecurity related experience
Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders
Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions
Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk
Knowledge of DoD cybersecurity policies, practices, and requirements
Strong organizational skills
May be required to travel, as requested by the Prime and or Government client
Desired Skills:
Prior StackRoxs experience
DevSecOps knowledge and experience
Hands-on experience in scripting such as PowerShell, Python, or Bash and configuration automation tools, such as Ansible, Puppet or Chef.
Experience in an enterprise environment (1500 servers plus 2500 workstations)
Strong technical writing skills
CISSP, CASP, CEH
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.