Leidos is a leading defense and technology company seeking a Senior Cloud Cybersecurity Infrastructure Engineer to support an Air Force & Navy Mission Planning program. This role involves managing and securing cloud infrastructure for a CI/CD pipeline, ensuring the cybersecurity posture of complex IT systems, and collaborating with a team of engineers in a DevSecOps environment.
Responsibilities:
- Providing Subject Matter Expertise for cloud Information Assurance on a variety of implementations
- Securing high-availability systems via industry/DoD standards and best practices
- Configuring & securing underlying Azure/AWS cloud resources for build, release & deployment pipelines
- Supporting an enterprise CI/CD environment with multiple servers, operating systems and applications
- Deploying, reviewing, patching & testing systems for adherence to build & security requirements
- Resolving tickets and problem reports on specific technologies and hardware/software components, including COTS/GOTS products, from the system level to individual hardware/software components
- Building and maintaining scripts for automation of tasks and server maintenance
- Creating and maintaining accurate maintenance documentation for systems
Requirements:
- U.S. Citizenship with the ability to obtain and maintain a Secret Security Clearance
- Bachelor's degree with 8+ years of experience or a Master's degree with 6+ years of experience. Additional experience may be considered in lieu of a degree
- Ability to obtain a CompTIA Security+ certification or minimum equivalent to meet DoD 8570 Compliance
- 4+ years of Windows & Linux system administration with 2+ years in an Azure/AWS cloud environment
- Experience applying/debugging STIG settings/conflicts in Windows/Linux servers and hosted apps
- Experience interpreting scanning tool outputs (Nessus, SCAP, Evaluate STIG, etc.) and remediating findings
- Experience with system troubleshooting tools like top, iostat, vmstat, netstat, lvm, fdisk
- Strong understanding of networking concepts such as OSI Model, LAN/WAN, IPv4/IPv6, subnetting, VLANs, edge services & point-to-point VPN setup within cloud environments
- Experience working with identity management & authentication tools such as LDAP, SAML, and PKI
- US Citizen with an active Secret or higher security clearance
- Hands-on experience with Configuration Management tools such as Ansible, Chef, or Puppet
- Hands-on experience with Trellix/McAfee ePO and product suite
- Hands-on configuration and experience with SIEM tools (e.g., Splunk, Azure Log Analytics, QRadar, LogRhythm)
- Hands-on experience with Microsoft Active Directory (i.e., OU creation, Schema Changes, Security Groups)
- Hands-on experience with Microsoft Group Policy (i.e., Creating GPOs, GPO inheritance, Security Filtering)
- Virtualization experience (VMware vCenter, ESXi, KVM, Hyper-V)
- Experience with Docker container technologies and Docker container deployment technologies, such as Terraform, Kubernetes, OpenShift, Helm, EKS, AKS
- Experience supporting Jenkins pipeline code building and analysis tools
- Coding and/or scripting experience using Python, PowerShell, Bash, or other tools
- Atlassian Tools Suite experience (Bitbucket, Confluence, JIRA)
- Experience managing web servers such as IIS and Tomcat
- Familiarity with F5 BIG-IP Authentication and SAML IdP/SP
- Intermediate knowledge of MS SQL, PostgreSQL, and MySQL
- Experience in designing and implementing VNet/VLAN ports, protocols and services settings to restrict communications across Cloud-native virtual networking boundaries
- Experience managing projects and processes to achieve enterprise business improvement objectives
- Experience hardening API Gateway and API Endpoints
- Experience with backup and recovery of IT infrastructure
- Experience as an Information Systems Security Officer or Engineer (ISSO or ISSE)
- Experience managing, interpreting, and updating Plans of Action and Milestones (POA&Ms)
- Experience developing cybersecurity policy related to cloud environments
- Experience applying STIGs to containers