Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction
The Pivotal Cloud Foundry (PCF) Information System Security Engineer (ISSE) is a security engineer possessing deep technical skills with cutting edge technologies to enable PWS to remain authorized and supporting its mission to run meaningful production mission application workloads across the intelligence community. The ISSE will work in a strategic customer environment and deal with security issues involved with the day-to-day tasks of running the Pivotal Cloud Foundry managed Platform as a service (PaaS) on Amazon C2S. This service is referred to as Pivotal Web Services (PWS). The ISSE supports the PCF Operators ensuring the PWS platform is operated in a secure manner and retains its authorized status. Duties include managing patches and upgrades within the customer POAM and RMF processes recommending security improvements to PCF developers supervising patching and upgrades to the platform, software runtime versions and deploying language build packs in accordance with customer security policy and operational requirements. The PCF ISSE acts as the frontline security technical representative for the program, interacts and takes direction from the assigned Information System Security Manager (ISSM).
Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
5+ years Expertise in security engineering
Strong familiarity with the NIST and customer Risk Management Framework (RMF), including CNSSI 1253, ICD-503, NIST SP800-53 versions 3 thru 5, NIST SP800-137, ICS 500-27 (IC Enterprise Audit) and fundamentals of continuous monitoring
Working understanding of the customer's vulnerability management program
Strong understanding of the Center for Internet Security (CIS) security benchmarks, DISA Security Technical Implementation Guides (STIGs), and security hardening.
Strong understanding of vulnerability management, Tenable Nessus, and vulnerability remediation processes
Familiarity with ICD503 and NIST 800-53A security testing and demonstration of control compliance
Familiarity with any of AWS CloudFormation, OpenStack Heat, Azure Resource Templates, or Google Deployment to automate deployment of cloud resources
Exposure to cloud APIs such as Fog, Boto, libcloud or similar
Exposure to automating tasks using a script or interpreted language such as bash, PowerShell, Perl, Python, or Java, and automation frameworks like Terraform, Vagrant, and Packer. Familiarity with Object Oriented Design Methodology, design, implementation, and administration, (J2EE, JSON, HTML, and XML).
Experience using configuration management tools like Puppet, Chef, Ansible, BOSH, etc.
A clear understanding of container technologies such as Kubernetes, associated tools & challenges using them to support cloud workloads
Familiarity with Amazon Web Services (AWS/C2S), Infrastructure as a Service (IaaS)
Familiarity with Platform as a Service (PaaS) environments such as Cloud Foundry, Heroku, Elastic Beanstalk or similar
Understanding of concepts of with configuration management scripting.
Familiarity with source control management systems such as Git, Mercurial, Subversion, or Git/GitHub
Experience with distributed systems and web architectures.
Familiarity with the concepts of Continuous Integration and Continuous Deployment (CI/CD).
General understanding of Site Reliability Engineering (SRE) concepts
Recommended Technical Skill Sets:
Experience with DISA STIG Viewer
Experience with Xacta360 or previous versions
Experience defining and deploying security monitoring, metrics, and logging solutions/strategies across applications, systems and services where applicable
Exposure to implementing systems that are highly available, scalable, and self-healing on premise, and on the AWS platform
Working knowledge of firewalls and networking experience is a plus
Experience providing managed services in an IaaS, PaaS, SaaS Public Cloud environment
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.