Cybersecurity Engineer
Application Security
Aws Govcloud
Cloud
Cloud Operations
Cloud Platforms
Data Security
DevSecOps
Engineer
Identity and Access Management
Information Security
Information Technology (IT)
InfoSec
Secret Management
Security
Security Automation
Security Compliance
Security Testing
Zero Trust Architecture
Job Description
Remote work opportunity with competitive compensation and the chance to safeguard a mission-critical cloud platform hosted in AWS GovCloud. This role emphasizes Zero Trust, ongoing compliance with NIST, FISMA, FIPS, HIPAA, and VA requirements, and the integration of security into the DevSecOps lifecycle. You will play a key part in shaping secure, resilient cloud capabilities across environments and authorization boundaries.
Responsibilities
- Apply and maintain baseline NIST security controls across all platform environments.
- Integrate SAST, DAST, SCA, container scanning, and Infrastructure as Code scanning into CI/CD pipelines.
- Remediate vulnerabilities identified by scans within government-defined timelines.
- Enforce secure coding standards and approved dependency management across development activities.
- Implement and uphold Zero Trust Architecture and least-privilege access across all components and tenant boundaries.
- Configure and manage container security including image signing, vulnerability scanning, runtime protection, and registry security.
- Operate centralized secrets management with automated rotation for production secrets where automation is supported.
- Support zero-trust and least-privilege controls in pipeline and deployment configurations.
- Validate security control effectiveness through automated testing, configuration validation, and periodic assessments.
- Support penetration testing, red team activities, and independent security assessments as required.
- Implement encryption in transit and at rest across all data flows, storage, and backups using FIPS 140-3 modules.
- Configure per-region KMS keys for multi-region deployments to prevent cross-region data confidentiality issues.
- Support cybersecurity incident response activities in coordination with VA security operations, including forensic analysis and root-cause determination.
- Implement and maintain firewall configurations, security group definitions, and network access controls in line with VA policies.
- Support continuous monitoring activities including configuration validation, security event correlation, and anomaly detection.
- Ensure all platform components comply with VA Critical Security Controls and are authorized before connecting to the VA network.
- Support FICAM requirements including PIV-based authentication, automated provisioning, and assurance-level compliance.
- Contribute to security documentation such as Security Impact Assessments, Vulnerability Management Plans, Security Assessment Plans, and Security Assessment Reports.
- Participate in security audits and assessments providing technical evidence, documentation, and remediation support.
- Participate in Agile and SAFe ceremonies including sprint planning, backlog refinement, demos, and retrospectives.
Requirements
- Minimum 5 years of cybersecurity engineering experience in complex, mission-critical cloud environments, Federal or enterprise settings.
- Hands-on experience implementing security controls in AWS, including EKS, IAM, KMS, security groups, VPC security, and encryption services.
- Experience integrating SAST, DAST, SCA, and container scanning tools into CI/CD pipelines.
- Strong knowledge of Zero Trust Architecture principles and practical implementation.
- Experience with container security, including image scanning, runtime protection, and Kubernetes security policies.
- Hands-on experience with secrets management tools such as AWS Secrets Manager, HashiCorp Vault, or Kubernetes secrets.
- Familiarity with FIPS 140-3 cryptographic requirements and their cloud deployments.
- Experience implementing and validating NIST SP 800-53 Rev. 5 controls.
- Exposure to penetration testing, red team methodologies, and vulnerability remediation practices.
- Experience with incident response including forensic analysis, evidence collection, and corrective action development.
- Knowledge of Federal identity and access management requirements including FICAM, PIV, and multi-factor authentication.
- Experience configuring firewalls, network security, and secure external connections in Federal cloud environments.
- Understanding of HIPAA, Privacy Act, FISMA, and federal data protection requirements.
- Experience working in Agile or SAFe environments with sprint-based cadences.
- Certifications such as CISSP, CEH, GIAC, or equivalent are required.
- AWS Security Specialty or equivalent cloud security certification preferred.
- Certified Kubernetes Security Specialist (CKS) or equivalent certification preferred.
- Bachelor's Degree with at least 5 years of cybersecurity engineering experience, including minimum 2 years implementing security controls for cloud-native platforms in Federal or enterprise IT environments.
- Alternatively, an Associate's Degree with at least 7 years of cybersecurity engineering experience, including minimum 3 years implementing security controls for cloud-native platforms in Federal or enterprise IT environments.
Technologies
- AWS GovCloud
- AWS EKS
- AWS IAM
- AWS Secrets Manager
- AWS KMS
- HashiCorp Vault
- Kubernetes
- Kubernetes secrets
- SAST
- DAST
- SCA
- Infrastructure as Code scanning
- SNOWCAM
- TRM
- BPE
- FIPS 140-3
- PIV-based authentication
Benefits
- Department of Veterans Affairs (VA) experience
- Active Personal Identity Verification (PIV) card
- Experience with VA Critical Security Controls and VA Handbook 6500 security requirements
- Experience implementing security controls across multi-tenant authorization boundaries
- Experience with VA tools and governance processes including SNOWCAM, TRM, and BPE
Compensation
Up to USD 150,000 per year