Secret
Mid Level Career (5+ yrs experience)
No Traveling
Engineering - Systems
We are seeking a highly skilled Cybersecurity Engineer to assist our client in designing and integrating Continuous Authorization to Operate (cATO) workflows and processes into their Continuous Integration/Continuous Deployment (CI/CD) software development pipeline. The role will be performed within a software factory environment leveraging containerized cloud solutions on AWS and/or Azure, with all work framed under Department of Defense (DoD) cATO policies and process guides. The ideal candidate will bring expertise in cybersecurity, cloud security, and DevSecOps practices to ensure continuous compliance and security within the client's development lifecycle.
Position Title: Cybersecurity Engineer - DoD cATO Integrator
Clearance: Secret
Location: Northern Virginia Area / Remote
Key Responsibilities
Collaboration: Partner with the client's development, DevOps, and security teams to assess the existing CI/CD pipeline and identify integration points for cATO workflows.
Workflow Design: Develop and implement cATO-compliant security controls and processes, ensuring continuous monitoring and authorization of systems.
Security Automation: Integrate automated security testing (e.g., SAST, DAST), vulnerability scanning, and compliance validation into the CI/CD pipeline to support cATO requirements.
Cloud and Container Security: Apply best practices to secure containerized environments (e.g., Docker, Kubernetes) and cloud platforms (AWS and/or Azure), including configuration management, access controls, and monitoring.
Continuous Monitoring: Establish mechanisms for real-time threat detection and response, maintaining active cyber defense as mandated by cATO.
Compliance Documentation: Ensure all security controls and processes are documented and adhere to DoD cybersecurity policies and guides, including DoDI 8510.01 (Risk Management Framework for DoD Systems) and the DoD CIO cATO Implementation and Assessment guides.
Team Enablement: Provide training and guidance to the client's team on DoD DevSecOps cATO policies, best practices, and recommended workflows.
Policy Updates: Stay informed of emerging and evolving DoD initiatives and policies, such as the Software Modernization Strategy, the Software Fast Track (SWFT) Initiative, and the Zero Trust Strategy, and incorporate updates into the pipeline as needed.
Primary Qualifications:
Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
Primary Certification: One or more of the following - CISSP, CISM, CCISO
Experience:
Proven expertise in application cybersecurity engineering, with a focus on cloud security (AWS and/or Azure) and containerized environments.
Hands-on experience integrating security into CI/CD pipelines within DoD Software Factory DSOP.
Demonstrated proficiency in the execution of the three core information security capabilities comprising the DoD DevSecOps cATO: Active Cyber Defense, Continuous Monitoring, and Secure Software Supply Chain.
In-depth knowledge of DoD cybersecurity policies, particularly DoDI 8510.01 (Risk Management Framework (RMF) for DoD Systems), and DoD CIO Implementation and Assessment Guides for secure software development and continuous authorization.
Familiarity with cloud container design and engineering, DoD security requirements and standards, and related tools (e.g., Docker, Kubernetes).
Working knowledge of the DoD Cloud Services provisioning and FedRAMP authorization processes.
Familiarity with NIST standards for secure application design and risk management, including NIST SP 800-218 (Secure Software Development Framework - SSDF), NIST SP 800-204D (Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines), and NIST SP 800-160 (Systems Security Engineering).
Technical Skills:
Proficiency with automation tools such as Maven, Terraform, Ansible, or CloudFormation.
Experience with DoD-approved security testing tools (e.g., Anchore, Grype, Fortify, Trivy, SonarQube, Nessus, etc.).
Strong understanding of cloud security principles (e.g., IAM, encryption, network security) and the DoD cATO process.
Experience with cloud container build and artifact collection tools (e.g., Docker, Maven, Harbor, Iron Bank, etc.).
Soft Skills:
Excellent problem-solving skills and attention to detail.
Strong communication abilities to collaborate with technical and non-technical stakeholders.
Capability to thrive in a fast-paced, agile environment.
Preferred Qualifications
Experience with DoD-approved Software Factories and DSOPs that have successfully implemented the cATO framework.
Knowledge of Software Bill of Materials (SBOM) generation and management.
Familiarity with Infrastructure as Code (IaC) and policy-as-code frameworks.
OneZero Solutions, LLC is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access www.onezerollc.com/careers as a result of your disability.
To request an accommodation, please contact us at recruiting@onezerollc.com or call (202) 987-2580.