Cybersecurity Engineer – DoD cATO Integrator

OneZero Solutions, LLC

Yesterday
Secret
Senior Level Career (10+ yrs experience)
185,000
IT - QA and Test
Kearneysville, WV (Off-Site/Hybrid); Alexandria, VA (Off-Site/Hybrid)

Position Title: Cybersecurity Engineer - DoD cATO Integrator

Clearance: Secret

Location: Alexandria, VA or Kearneysville location/Hybrid

Key Responsibilities

Collaboration: Partner with the client's development, DevOps, and security teams to assess the existing CI/CD pipeline and identify integration points for cATO workflows.

Workflow Design: Develop and implement cATO-compliant security controls and processes, ensuring continuous monitoring and authorization of systems.

Security Automation: Integrate automated security testing (e.g., SAST, DAST), vulnerability scanning, and compliance validation into the CI/CD pipeline to support cATO requirements.

Cloud and Container Security: Apply best practices to secure containerized environments (e.g., Docker, Kubernetes) and cloud platforms (AWS and/or Azure), including configuration management, access controls, and monitoring.

Continuous Monitoring: Establish mechanisms for real-time threat detection and response, maintaining active cyber defense as mandated by cATO.

Compliance Documentation: Ensure all security controls and processes are documented and adhere to DoD cybersecurity policies and guides, including DODI 8510.01, Risk Management Framework for DoD Systems, and the DoD CIO cATO Implementation and Assessment guides.

Team Enablement: Provide training and guidance to the client's team on DoD DevSecOps cATO policies, best practices, and recommended workflows.

Policy Updates: Stay informed of emerging and evolving DoD initiatives and policies, such as the Software Modernization Strategy, the Software Fast Track (SWFT) Initiative, and the Zero Trust Strategy, and incorporate updates into the pipeline as needed.

Primary Qualifications:

Education: Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.

Primary Certification: One or more of the following - CISSP, CISM, CCISO

Experience:

Proven expertise in application cybersecurity engineering, with a focus on cloud security (AWS and/or Azure) and containerized environments.

Hands-on experience integrating security into CI/CD pipelines within DoD Software Factory DSOP.

Demonstrated proficiency in the execution of the three core information security capabilities comprising the DoD DevSecOps cATO: Active Cyber Defense, Continuous Monitoring, and Secure Software Supply Chain.

In-depth knowledge of DoD cybersecurity policies, particularly DODI 8510.01 Risk Management Framework (RMF) for DoD Systems, and DoD CIO Implementation and Assessment Guides for secure software development and continuous authorization.

Familiarity with cloud container design and engineering, DoD security requirements and standards, and related tools (e.g., Docker, Kubernetes).

Working knowledge of the DoD Cloud Services provisioning and FedRAMP authorization processes.

Familiarity with NIST standards for secure application design and risk management, including NIST SP 800-218 (Secure Software Development Framework - SSDF), NIST SP 800-204D (Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines), and NIST SP 800-160 (Systems Security Engineering).

Technical Skills:

Proficiency with automation tools such as Maven, Terraform, Ansible, or CloudFormation.

Experience with DoD-approved security testing tools (e.g., Anchore, Grype, Fortify, Trivy, SonarQube, Nessus, etc.).

Strong understanding of cloud security principles (e.g., IAM, encryption, network security) and the DoD cATO process.

Experience with cloud container build and artifact collection tools (e.g., Docker, Maven, Harbor, Iron Bank, etc.).

Soft Skills:

Excellent problem-solving skills and attention to detail.

Strong communication abilities to collaborate with technical and non-technical stakeholders.

Capability to thrive in a fast-paced, agile environment.

Preferred Qualifications

Experience with DoD-approved Software Factories and DSOPs that have successfully implemented the cATO framework.

Knowledge of Software Bill of Materials (SBOM) generation and management.

Familiarity with Infrastructure as Code (IaC) and policy-as-code frameworks.