DevOps Engineer- Hybrid Rosslyn, VA

DevOps Engineer

This company is a small team on a mission to transform government technology acquisition and innovation scouting. Their purpose-driven approach allows to create a meaningful impact, making our work environment ideal for those looking to break free from the mundane and grow together.

The company is located in Rosslyn, VA and will be a hybrid model 1-2 days a week.

Required Skills & Experience:
Cloud Security Team

• Develops and conducts security awareness and training programs.
• Designs, implements, and maintains security systems to protect networks and data.
• Creates and enforces security policies to comply with industry standards like GDPR, FISMA, and NIST 800-53 FedRAMP.
• Manages security infrastructure, including IDS/IPS systems.
• Configures and uses Splunk for security monitoring and incident response.
• Reviews and investigates daily security alerts.
• Analyzes and addresses security incidents and implements preventive measures.
• Generates regular security reports.
• Integrates security measures into system designs with cross-functional teams.
• Conducts risk and vulnerability assessments and recommends solutions.
• Provides insights on potential security risks and enhancements.
• Performs security audits and assessments, including user access control and vulnerability assessments.
• Updates system policies and procedures (e.g., SSP).
• Stays current with security threats and trends.
• Performs penetration testing and monthly security scans using tools like Burp, OWASP, and Nessus.
• Reviews, analyzes, and documents scan findings in GitLab.
• Conducts STIG or CIS Compliance scans and documents findings.
• Performs independent research on security vulnerabilities and provides remediation processes.
• Documents security issues and findings in GitLab.
• Tracks and manages POA&M lists and holds monthly security meetings.
• Documents deviations and exceptions in GitLab.
• Participates in incident response activities.
• Manages and maintains security tools and technologies.
• Collaborates with vendors to implement security solutions.
• Assesses and configures new security tools.
• Experienced with AWS native security tools.
• Takes ownership of tasks and adapts quickly to new challenges.

Cloud Infrastructure Team:

• Strong troubleshooting and problem-solving skills; communicates effectively with team members.
• Designs and deploys scalable, secure AWS cloud infrastructure solutions.
• Experienced with AWS tools and services like ECS, IAM, KMS, S3, and CloudWatch.
• Manages virtual machines, EC2, containers, and serverless functions.
• Implements and manages VPC networking components for secure communication.
• Manages IAM policies and controls within AWS.
• Experienced with networking, Cloud Guard Network Security, NFS, LVM, and rsyslog.
• Proficient in scripting (bash, Python) for task automation.
• Utilizes Terraform and Ansible for infrastructure automation and server hardening.
• Implements DevSecOps using GitLab for pipeline automation with AWS containers.
• Configures security endpoint tools and SIEM tools like Splunk.
• Monitors and optimizes cloud resource performance.
• Implements backup and disaster recovery strategies.
• Ensures compliance with security and privacy standards like GDPR, FISMA, and NIST 800-53 FedRAMP.
• Develops SOPs and updates technical documentation.
• Conducts regular security assessments and audits.
• Collaborates on cloud infrastructure best practices.
• Stays current with cloud technologies and trends.
• Provides technical support and troubleshooting.
• Conducts independent research on new tools and their configuration.
• Takes ownership of tasks and adapts quickly to new challenges.
• Experienced with web (nginx), application (tomcat), and database (MariaDB) administration.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn’t provide sponsorship.