Knox Systems, Inc. operates the largest Federal managed cloud, focusing on secure cloud and AI environments for the U.S. government. The DevOps Security Engineer will be responsible for securing cloud-native environments, ensuring compliance with FedRAMP and NIST standards, and embedding security controls into infrastructure and operations.
Responsibilities:
- Serve as a security point of contact for external customers deploying into regulated cloud environments
- Support customer onboarding by validating application security posture and deployment readiness for FedRAMP environments
- Review customer security documentation, architectures, and deployment workflows against platform security requirements
- Communicate security requirements, changes, incident escalations, and compliance questions clearly to customers
- Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53
- Support Continuous Monitoring (ConMon) activities, including vulnerability tracking, POA&M updates, and compliance reporting
- Maintain and validate FedRAMP security architecture artifacts, including network diagrams, data flow diagrams, trust boundaries, and control flows
- Validate deployed infrastructure and traffic patterns against approved FedRAMP architectures using flow logs and telemetry
- Operate CrowdStrike as part of the core CNAPP enforcement and DevSecOps control, including IOM/IOA analysis, vulnerability management (Spotlight), workload protection, and telemetry/log review for cloud workloads
- Integrate CrowdStrike CNAPP and detection signals into automated SOAR and CI/CD workflows to support preventative controls, response, and Continuous Monitoring (ConMon) for FedRAMP compliance
- Coordinate external penetration testing efforts, including scoping, access, findings review, and remediation tracking
- Use application security tools (e.g., Burp Suite) to support internal testing and remediation
- Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production
- Enforce policy-as-code guardrails for IAM, networking, logging, encryption, and endpoint protection using Terraform
- Ensure CrowdStrike coverage, logging, and monitoring are enforced as deployment prerequisites
- Prevent cloud exposure by enforcing network segmentation, approved ingress/egress paths, and least-privilege access
- Detect and remediate configuration drift using CSPM and automated workflows
- Secure Kubernetes clusters and containerized workloads to approved security baselines
Requirements:
- 4+ years of experience in Cloud Security, DevSecOps, or Security Operations roles
- Hands-on experience operating CrowdStrike Falcon in production environments
- Direct experience supporting FedRAMP environments and implementing NIST SP 800-53 controls
- Experience working directly with external customers on security onboarding or deployment readiness
- Strong experience with Wiz or similar CSPM/CNAPP platforms
- Proficiency with Terraform and CI/CD tooling (GitHub, GitHub Actions)
- Experience securing multi-cloud environments (AWS required; Azure and/or GCP preferred)
- Strong written and verbal communication skills
- US Citizenship Required. Dual Citizenship Prohibited. Must reside in the US
- Experience supporting or collaborating with SOC or incident response teams
- Experience managing external penetration testing engagements
- Familiarity with System Security Plans (SSPs) and audit artifacts
- Relevant certifications (AWS Security Specialty, CISSP, CISM, CCSP)
- Experience applying automation or AI-assisted tools to security workflows