Security Test Engineer - Cloud Operations - Plus3 IT Systems
Reston, VA
About the Job
Security Test Engineer - Cloud Operations
LOCATION: Primarily remote, but would need to be in Washington DC, Maryland, and Virginia (DMV) for any onsite installations
CLEARANCE LEVEL: TS/SCI with polygraph
Who YOU are:
As a Security Test Engineer - Cloud Operations at Plus3 IT Systems, you:
- Are passionate about working on cutting-edge, high-profile projects and are motivated by delivering solutions on an aggressive schedule
- Aren't satisfied with the status quo, and regularly look for creative ways to solve problems and help your team meet commitments
- Are insatiably curious – you ask why, you explore, and you're not afraid to blurt out your crazy idea
- Are a strong self-performer who also flourishes in a team setting, and love the ability to work on multiple clients/projects simultaneously
- Love learning new technologies and sharing them with your team
- Have a keen interest in using any and all appropriate tools, especially Cloud-based and Open Source, to solve the problem at hand
- Have strong verbal and written communication skills, due to the dynamic nature of collaborations with customers, vendors, and other engineering teams to solve complex business problems together
- Use your experience and leadership skills to motivate your teammates to deliver high quality results in a fast-paced work environment
- Are obsessed with automation, simplicity, and smooth-running systems
Who We Are:
- A 2023 "Top Work Places" recipient (https://topworkplaces.com/company/plus3-it-systems/)
- A company committed to your training, technical experience growth, and well-being
- Uniquely positioned and ready to expand, with your help, into more complex and technically challenging environments
- Built upon subject matter expertise supporting the Federal Government with a focus on Cloud Adoption, Cloud Security, Cloud Enabled Data Analytics, Cloud Native Application Development, and DevSecOps
- A small business with big partners such as Amazon Web Services, Microsoft (Azure), and Google (Cloud Platform), and other technology partners:
  - Immuta
  - Databricks
  - GitLab
  - RedHat
- Multiple Prime contract holder (GSA, SITE III, JAIC DRAID, and NDE)
- Always a committed partner with our customers and laser-focused on their mission
RESPONSIBILITIES:
- Design, develop, build, and implement high impact solutions using best practices to solve customers' diverse challenges across the Department of Defense and national security landscape
- Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for multiple information systems
- Author, complete and maintain the System Security Plan (SSP) within Xacta
- Develop the Security Controls Traceability Matrices (SCTM) and the Security Test Plan (STP) procedures within Xacta
- Analyze existing security systems and make recommendations for changes or improvements
- Automate continuous security and performance testing and monitor health of ACAS and STIG evaluation
- Lead testing efforts and shuttle projects through the RMF process to attain Authority to Operate (ATO)
KNOWLEDGE AND SKILLS:
- Experience working with software developers and architects to understand security requirements
- Experience guiding the application developers on security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements
- Experience creating and managing the plan of action and milestones (POA&Ms), and working with project managers and engineers to develop schedules and engineering actions that mitigate open findings
- Experience supporting the Continuous Monitoring of operational systems; experience monitoring and auditing operational systems for proper use
- Experience with engineering solutions within a cloud environment (primarily AWS)
- Possesses knowledge of infrastructure, application programming, and web and software applications
- Experience working on advanced, complex technical projects or business issues requiring state of the art technical or industry knowledge
- Experience with Vulnerability Analysis and Review (ACAS, TwistLock, SonarQube)
- Knowledge of DISA STIGs and STIG Viewer experience
- Experience with developing Risk Management products and working through system authorization through the RMF
- Able to work independently and autonomously while possessing strong communication and collaboration skills
- Experience with software security testing & assessment and Network Vulnerability Management & Compliance Monitoring
- Demonstrated understanding of modern processing techniques on CPUs, including vectorization, pipelining, and caching
- Experience with Terraform
- Experience with Kubernetes (containerization solutions)
- Experience programming in two or more software programming languages
- Experience with delivering modern technology stacks using cloud services, such as microservices and infrastructure-as-code
EDUCATION AND EXPERIENCE:
- Bachelor's degree in computer science or related technical field is required for senior role
- 10+ years of related experience is required
- Customer facing skills with ability to drive discussions with customer engineers as well as senior stakeholders
- Familiarity with public sector, governance and compliance in the cloud, Risk Management Framework, NIST SP 800-53, FedRAMP, DOD Cloud Computing Security Requirements Guide (CC SRG), DOD Secure Cloud Computing Architecture (SCCA), DOD Architecture Framework (DODAF), and other relevant frameworks
Other:
Plus3 IT Systems is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, contact hr@plus3it.com [include name and/or department, telephone, and e-mail address].
The health and safety of our employees and their families is a top priority. With the continuing impacts of COVID-19 around the world, we are taking action to protect the health and well-being of our colleagues and maintain the safety of the communities where we operate. As a federal contractor, we are required to stay in compliance with Executive Order 14042 with the most up to date information provided at the following link (https://www.saferfederalworkforce.gov/contractors/).
Pay Transparency Notice: Executive Order 11246 requires government contractors to notify applicants and employees of their rights, subject to certain limitations, to discuss, disclose or inquire about compensation or compensation information. Plus3 IT Systems will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge; (b) in furtherance of an investigation, proceeding, hearing or action, including an investigation conducted by the employer; or (c) consistent with Plus3 IT Systems' legal duty to furnish information.