Key skills
PythonSQLBashPowerShellAnalyticsAWSAzureTerraformKubernetesDockerJenkinsAnsibleEKSAKSHelmOpenShiftAPI GatewayPostgreSQLMySQLSAMLLDAPActive DirectoryIdentity ManagementSplunkBitbucketAtlassianJiraConfluenceCI/CD
About this role
Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations. The Senior Cloud Cybersecurity Infrastructure Engineer will support an Air Force & Navy Mission Planning program by managing the underlying infrastructure for a cloud-based CI/CD pipeline and ensuring the cybersecurity posture of complex IT systems.
Responsibilities:
- Providing Subject Matter Expertise for cloud Information Assurance on a variety of implementations
- Securing high-availability systems via industry/DOD standards and best practices
- Configuring & securing underlying Azure/AWS cloud resources for build, release & deployment pipelines
- Supporting an enterprise CI/CD environment with multiple servers, operating systems and applications
- Deploying, reviewing, patching & testing systems for adherence to build & security requirements
- Resolving tickets and problem reports on specific technologies and hardware/software components, including COTS/GOTS products, from the system level to individual hardware/software components
- Building and maintaining scripts for automation of tasks and server maintenance
- Creating and maintaining accurate maintenance documentation for systems
Requirements:
- U.S. Citizenship with the ability to obtain and maintain a Secret Security Clearance
- Bachelor's degree with 8+ years of experience or a Master's degree with 6+ years of experience. Additional experience may be considered in lieu of a degree
- Ability to obtain a CompTIA Security+ certification or minimum equivalent to meet DoD 8570 Compliance
- 4+ years of Windows & Linux sys administration with 2+ years in an Azure/AWS cloud environment
- Experience applying/debugging STIG settings/conflicts in Windows/Linux servers and hosted apps
- Experience interpreting scanning tool outputs (Nessus, SCAP, Evaluate STIG, etc.) and remediating findings
- Experience with system troubleshooting tools like top, iostat, vmstat, netstat, lvm, fdisk
- Strong understanding of networking concepts such as OSI Model, LAN/WAN, IPv4/IPv6, subnetting, VLANs, edge services & point-to-point VPN setup within cloud environments
- Experience working with identity management & authentication tools such as LDAP, SAML, and PKI
- US Citizen with an active Secret or higher security clearance
- Hands-on experience with Configuration Management tools such as Ansible, Chef, or Puppet
- Hands-on experience with Trellix/McAfee ePO and product suite
- Hands-on configuration and experience with SIEM tools (e.g., Splunk, Azure Log Analytics, QRadar, LogRhythm)
- Hands-on experience with Microsoft Active Directory (i.e., OU creation, Schema Changes, Security Groups)
- Hands-on experience with Microsoft Group Policy (i.e., Creating GPOs, GPO inheritance, Security Filtering)
- Virtualization experience (VMware vCenter, ESXi, KVM, Hyper-V)
- Experience with Docker container technologies and Docker container deployment technologies, such as Terraform, Kubernetes, OpenShift, Helm, EKS, AKS
- Experience supporting Jenkins pipeline code building and analysis tools
- Coding and/or scripting experience using Python, Powershell, Bash, or other tools
- Atlassian Tools Suite experience (Bitbucket, Confluence, JIRA)
- Experience managing web servers such as IIS and Tomcat
- Familiarity with F5 BIG-IP Authentication and SAML IdP/SP
- Intermediate knowledge of MS SQL, PostgreSQL, and MySQL
- Experience in designing and implementing VNet/VLAN ports, protocols and services settings to restrict communications across Cloud-native virtual networking boundaries
- Experience managing projects and processes to achieve enterprise business improvement objectives
- Experience hardening API Gateway and API Endpoints
- Experience with backup and recovery of IT infrastructure
- Experience as an Information Systems Security Officer or Engineer (ISSO or ISSE)
- Experience managing, interpreting, and updating Plans of Action and Milestones (POA&Ms)
- Experience developing cybersecurity policy related to cloud environments
- Experience applying STIGs to containers