DevOps Engineer- Hybrid Rosslyn, VA

Motion Recruitment - Arlington, VA

posted 4 months ago

Full-time
Arlington, VA
Administrative and Support Services

About the position

The DevOps Engineer position is a critical role within a small, mission-driven team focused on transforming government technology acquisition and innovation scouting. This role is designed for individuals who are passionate about making a meaningful impact and are looking for an opportunity to grow in a dynamic work environment. The company operates on a hybrid model, requiring employees to be on-site in Rosslyn, VA, 1-2 days a week, allowing for a blend of remote and in-office work. As a DevOps Engineer, you will be responsible for both Cloud Security and Cloud Infrastructure teams. In the Cloud Security team, you will develop and conduct security awareness and training programs, design and implement security systems to protect networks and data, and create and enforce security policies in compliance with industry standards such as GDPR, FISMA, and NIST 800-53 FedRAMP. You will manage security infrastructure, configure and utilize tools like Splunk for security monitoring, and conduct risk assessments to recommend solutions. Your role will also involve performing penetration testing, security audits, and staying current with security threats and trends. In the Cloud Infrastructure team, you will design and deploy scalable and secure AWS cloud infrastructure solutions, manage virtual machines and containers, and implement VPC networking components for secure communication. You will utilize scripting languages for task automation, employ tools like Terraform and Ansible for infrastructure automation, and ensure compliance with security and privacy standards. Your responsibilities will also include monitoring cloud resource performance, implementing backup and disaster recovery strategies, and providing technical support and troubleshooting. This position requires strong problem-solving skills and the ability to adapt quickly to new challenges, making it ideal for proactive individuals who thrive in a fast-paced environment.

Responsibilities

  • Develop and conduct security awareness and training programs.
  • Design, implement, and maintain security systems to protect networks and data.
  • Create and enforce security policies to comply with industry standards like GDPR, FISMA, and NIST 800-53 FedRAMP.
  • Manage security infrastructure, including IDS/IPS systems.
  • Configure and use Splunk for security monitoring and incident response.
  • Review and investigate daily security alerts.
  • Analyze and address security incidents and implement preventive measures.
  • Generate regular security reports.
  • Integrate security measures into system designs with cross-functional teams.
  • Conduct risk and vulnerability assessments and recommend solutions.
  • Provide insights on potential security risks and enhancements.
  • Perform security audits and assessments, including user access control and vulnerability assessments.
  • Update system policies and procedures (e.g., SSP).
  • Stay current with security threats and trends.
  • Perform penetration testing and monthly security scans using tools like Burp, OWASP, and Nessus.
  • Review, analyze, and document scan findings in GitLab.
  • Conduct STIG or CIS Compliance scans and document findings.
  • Perform independent research on security vulnerabilities and provide remediation processes.
  • Document security issues and findings in GitLab.
  • Track and manage POA&M lists and hold monthly security meetings.
  • Document deviations and exceptions in GitLab.
  • Participate in incident response activities.
  • Manage and maintain security tools and technologies.
  • Collaborate with vendors to implement security solutions.
  • Assess and configure new security tools.
  • Take ownership of tasks and adapt quickly to new challenges.
  • Design and deploy scalable, secure AWS cloud infrastructure solutions.
  • Manage virtual machines, EC2, containers, and serverless functions.
  • Implement and manage VPC networking components for secure communication.
  • Manage IAM policies and controls within AWS.
  • Utilize Terraform and Ansible for infrastructure automation and server hardening.
  • Implement DevSecOps using GitLab for pipeline automation with AWS containers.
  • Configure security endpoint tools and SIEM tools like Splunk.
  • Monitor and optimize cloud resource performance.
  • Implement backup and disaster recovery strategies.
  • Develop SOPs and update technical documentation.
  • Conduct regular security assessments and audits.
  • Collaborate on cloud infrastructure best practices.
  • Stay current with cloud technologies and trends.
  • Provide technical support and troubleshooting.
  • Conduct independent research on new tools and their configuration.

Requirements

  • Experience in developing and conducting security awareness and training programs.
  • Proficiency in designing, implementing, and maintaining security systems.
  • Knowledge of security policies compliance with GDPR, FISMA, and NIST 800-53 FedRAMP.
  • Experience managing security infrastructure, including IDS/IPS systems.
  • Proficiency in configuring and using Splunk for security monitoring and incident response.
  • Ability to review and investigate daily security alerts and analyze security incidents.
  • Experience in generating security reports and integrating security measures into system designs.
  • Experience conducting risk and vulnerability assessments and recommending solutions.
  • Knowledge of security audits and assessments, including user access control and vulnerability assessments.
  • Experience in performing penetration testing and security scans using tools like Burp, OWASP, and Nessus.
  • Proficiency in documenting security issues and findings in GitLab.
  • Experience in managing and maintaining security tools and technologies.
  • Experience with AWS native security tools and cloud infrastructure solutions.
  • Strong troubleshooting and problem-solving skills.
  • Proficiency in scripting (bash, Python) for task automation.
  • Experience with Terraform and Ansible for infrastructure automation.
  • Knowledge of compliance with security and privacy standards.

Nice-to-haves

  • Experience with web (nginx), application (tomcat), and database (MariaDB) administration.
  • Familiarity with networking, Cloud Guard Network Security, NFS, LVM, and rsyslog.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service