second-front-systems - Cybersecurity Assessment Engineer
Requirements
• Experience solving complex and sometimes ill-defined problems
• Intermediate knowledge of DevSecOps tools and software development
• Ability to create and implement incident response plans
• Background in cybersecurity and understanding of vulnerability risk analysis
• Hands-on experience assessing or securing services within AWS, Azure, or GCP, particularly within PaaS or Kubernetes-based environments.
• Proficient knowledge of NIST SP 800-37 (RMF) and NIST SP 800-53 rev 5 security controls
• Deep understanding of the FedRAMP authorization process and Department of Defense (DoD) security standards.
• Secret Level Clearance (or above)
• Ability to attain DoD 8570 Baseline Certification for IAT II within 6 months of hire date (preferably CySA+)
• Extensive experience with Department of Defense DevSecOps practices, policies, and security.
• Experience with Docker, GitLab, Kubernetes, Anchore, or other container scanning tools.
• Ability to write basic scripts (Python, Bash, etc.) to automate evidence collection or data parsing.
• Have a strong interest in matters of national security.
• The expected base salary range for this role is [$90,000 – $130,000]. Final compensation will be based on factors such as experience, skills, level, and geographic location. This role may also be eligible for discretionary bonuses and equity grants as part of the total compensation package.

SUCCESS AT 2F LOOKS LIKE:
• Viewing obstacles as opportunities for growth
• Having a bias toward action and tangible, measurable results
• Striving to be both compassionate and direct with your feedback
• Being team-oriented and inclusive with your actions
Responsibilities
• You will coordinate activities with the Principal Security Engineer, Platform team, and Customer Operations team.
• Review web application artifacts of customer-developed applications and provide customer feedback
• Primary face of the cybersecurity team to software development and mission success teams
• Assist with incident response plans to respond to application outages or downtime
• Technical Security Validation: Conduct comprehensive assessments of cloud infrastructure, applications, and containerized environments to verify compliance with DISA STIGs, SRGs, and CIS Benchmarks.
• Authorization Lifecycle Management: Author, review, and maintain high-quality security artifacts, including System Security Plans (SSP), Security Assessment Plans (SAP), and Security Assessment Reports (SAR).
• Continuous Monitoring (ConMon): Monitor and report on the ongoing effectiveness of security controls, ensuring the platform maintains a robust and authorized security posture.
• Vulnerability & Risk Analysis: Utilize automated scanning suites (e.g., Anchore, Trivy, Tenable) to identify vulnerabilities, distinguish true positives, and provide actionable remediation guidance to dev teams.
• Supply Chain Security: Implement and manage technical workflows for SBOMs (Software Bill of Materials) to support modern, continuous authorization standards.
• Cross-Functional Collaboration: Partner with DevOps and Software Engineering teams to translate complex NIST 800-53 controls into implementable technical requirements.
Benefits
• $110K – $140K
• Offers Bonus

Hubs:
• Washington, DC / Maryland / Virginia (DMV area)
• Raleigh / Durham / Chapel Hill, North Carolina
• Denver / Colorado Springs, Colorado
• Dallas / Fort Worth, Texas