Devops Security Engineer
Requirements
• Skills needed: Experience with cloud security tools such as CrowdStrike. Familiarity with FedRAMP Moderate/High and NIST SP 800-53 requirements is required. Knowledge of infrastructure security, continuous monitoring (ConMon), vulnerability tracking, POA&M updates, compliance reporting, network diagrams, data flow diagrams, trust boundaries, and control flows is necessary. Ability to validate deployed infrastructure and traffic patterns against approved architectures using telemetry is required. Experience with IOM/IOA analysis within CrowdStrike's CNAPP enforcement framework is needed.
• Years of experience: Not explicitly stated in the job posting, but a preference for West Coast hours suggests potential candidates might have prior remote work or travel requirements which often correlate to higher levels of self-management and independence that could be associated with more experienced roles. However, without explicit information provided about years required, this cannot be confirmed from the text alone.
• Education: Not explicitly stated in the job posting; however, experience working at a federal scale suggests potential candidates may have relevant education or certifications related to government contracting and security compliance standards like FedRAMP/NIST SP 800-53 which often require specific educational backgrounds such as Bachelor's degree.
• Certifications: Not explicitly stated in the job posting, but experience with CrowdStrike implies potential knowledge or certification related to cybersecurity and cloud security tools like Cisco ASA for firewall management (which is not mentioned). Experience working at a federal scale suggests familiarity with government contracting which may require specific industry-related certifications.
• Must-haves: US Citizenship required, dual citizenship prohibited; must reside in the U.S.; experience running and operating secure cloud environments supporting critical missions is preferred but not explicitly stated as a requirement for this role.
Responsibilities
• Customer Onboarding & Communication
  • Serve as a security point of contact for external customers deploying into regulated cloud environments.
  • Support customer onboarding by validating application security posture and deployment readiness for FedRAMP environments.
  • Review customer security documentation, architectures, and deployment workflows against platform security requirements.
  • Communicate security requirements, changes, incident escalations, and compliance questions clearly to customers.
• Federal Compliance & Governance (FedRAMP/NIST)
  • Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53.
  • Support Continuous Monitoring (ConMon) activities, including vulnerability tracking, POA&M updates, and compliance reporting.
  • Maintain and validate FedRAMP security architecture artifacts, including network diagrams, data flow diagrams, trust boundaries, and control flows.
  • Validate deployed infrastructure and traffic patterns against approved FedRAMP architectures using flow logs and telemetry.
• Security Tooling & Vendor Management
  • Operate CrowdStrike as part of the core CNAPP enforcement and DevSecOps control, including IOM/IOA analysis, vulnerability management (Spotlight), workload protection, and telemetry/log review for cloud workloads.
  • Integrate CrowdStrike CNAPP and detection signals into automated SOAR and CI/CD workflows to support preventative controls, response, and Continuous Monitoring (ConMon) for FedRAMP compliance.
  • Coordinate external penetration testing efforts, including scoping, access, findings review, and remediation tracking.
  • Use application security tools (e.g., Burp Suite) to support internal testing and remediation.
• DevOps, Automation, & Preventative Security
  • Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production.
  • Enforce policy-as-code guardrails for IAM, networking, logging, encryption, and endpoint protection using Terraform.
  • Ensure CrowdStrike coverage, logging, and monitoring are enforced as deployment prerequisites.
  • Prevent cloud exposure by enforcing network segmentation, approved ingress/egress paths, and least-privilege access.
  • Detect and remediate configuration drift using CSPM and automated workflows.
  • Secure Kubernetes clusters and containerized workloads to approved security baselines.
Benefits
• $110K – $140K
• Offers Equity
• Offers Bonus
• Why are you interested in working at Knox Systems?
• Describe how you’ve implemented security or compliance gates in CI/CD pipelines. What was blocked, and how?
• What CrowdStrike Falcon modules have you used in production (e.g., Spotlight, IOA/IOM, workload protection, CNAPP features)?
• Have you worked directly with SOC or incident response teams during security events or escalations?