Delivery | United States

Senior Cybersecurity Engineer III - Federal Practice (Remote)

Who We Are

Trek10 builds and manages massively scalable cloud architectures using cutting-edge AWS technologies. Headquartered in South Bend, IN, we have a local footprint but operate with a global reach. Today we have customers on four continents and from coast to coast in the United States, as well as a global brand for deep expertise. We are a Premier Tier AWS Consulting Partner with the following AWS Partner Competencies: DevOps, Migration, IoT, and SaaS. We focus on designing and building serverless / cloud native and IoT systems, DevOps automation, and providing 24/7 AWS infrastructure support. We are pioneering the future of cloud computing and having a lot of fun while we do it!

To better understand the type of cutting-edge work we do for our clients, please take a look at some of our case studies.

Senior Cybersecurity Engineer III - Federal Practice [Remote]

Trek10 is looking for Senior Cybersecurity Engineers who are interested in working in a fast-paced environment providing both cybersecurity support and engineering for application teams and platform teams leveraging cloud native and containerized DevSecOps patterns. Application teams aim to design and build scalable, available systems with great security fundamentals and low cost on AWS. Our platform teams focus on building automation, guardrails, and sustainable patterns that support others in delivering more and faster. At Trek10, our engineers are the expert implementers in our organization, building the platforms and systems that are relied upon by our clients and Trek10 itself. This is a complex role that will enable as well as challenge you to grow your skills, both technical and non-technical. Joining this role provides you the opportunity to work with a diverse team of Trek10 architects and engineers that are building the future. This role includes, but is not limited to, the following:

Responsibilities:

  • Review or conduct regular security and vulnerability assessments leveraging automated and non-automated methods on cloud-based and mobile workloads.
  • Periodically monitor/audit implementations and ensure they are functioning properly.
  • Ensure platforms and networks are compliant with DoD policies.
  • Identify and advise on technical security requirements, and review and approve security architecture and control implementations.
  • Research security standards/tools.
  • Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Security Assessment Reports
  • Develop and tune automated tests and rules, and monitor alerts and alarms for deviations from security standards, particularly using AWS tools such as Inspector, CloudTrail, CloudWatch, GuardDuty, Lambda, and Security Hub.
  • Identify, engineer, and build/update/integrate new and existing security tooling, including cloud-native services.
  • Support development and implementation of innovative methods to achieve compliance with government and commercial cybersecurity frameworks.
  • Implement enterprise security solutions such as WAF and SIEM
  • Provide technical and non-technical security engineering assistance in support of maintaining existing ATO, Continuous Authorization, and in obtaining app-specific ATOs where necessary.
  • Advise project teams on current and projected technical security risks, and recommend mitigation strategies to control risk.
  • Assist development teams in defining and updating application threat models and in interpreting security policies, standards, and control requirements.
  • Design vulnerability scans of cloud-based and mobile applications and infrastructure to identify weaknesses, coordinate with app teams to confirm validity of findings, and recommend and assist with mitigations as needed.
  • Work with the security governance team to develop and interpret security standards, and build automated and self-service capabilities that validate application security and compliance status against these standards
  • Research and identify best practices to harden and secure cloud workloads including cloud native, containers, and Kubernetes clusters at scale
  • Coordinate the work of junior team members performing routine and non-routine tasks within the security program.
  • Develop and perform developer-focused training in support of security program goals

Requirements:

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

The ideal candidate will have:

  • Bachelor's Degree or 2-4 years of experience in IT / cybersecurity
  • 3+ years of experience in AWS or other public cloud environments
  • Security+ and CISSP or CCSP certifications
  • Experience with scripting languages and tools (Bash, PowerShell, etc.)
  • Experience using a modern programming language such as Python, Node.js, TypeScript, Golang, Java, C#, Rust, etc.
  • Experience working with software and app teams throughout the full Software Development Lifecycle (SDLC)
  • Code-defined infrastructure, configuration management tools, and CI/CD
  • AWS security tooling for scanning, monitoring, and alerting (Inspector, CloudTrail, CloudWatch, GuardDuty, Lambda, Security Hub)
  • A thorough understanding of operational best practices for security in the cloud
  • Containerization patterns with services like ECS, EKS, Fargate, Kubernetes, etc.
  • Proven experience building security reference architecture for all-in AWS cloud deployments
  • Expert-level knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, SSL, HTTP, HTTPS, routing protocols)
  • Experience and a deep understanding of the application of security, risk, and compliance frameworks (RMF, FedRAMP, DoD CC SRG, NIST 800-53, NIST 800-171)
  • You are comfortable working independently as well as in a collaborative team environment, as the situation demands
  • Effective verbal and written communication skills
  • Experience in large-scale enterprise IT environments
  • Experience in a consultative, client-facing consulting role
  • Previous or current experience with Federal / Government stakeholders
  • Previous experience providing training in RMF or explaining cybersecurity concepts to others in a training-like environment
  • You know how and when to apply NIST Risk Management Framework, NIST 800-53, and DISA STIGs, including the Application Security and Development STIG

Strongly preferred:

  • AWS Security Specialty or Professional Level Certification
  • Experience with Cloud Native patterns with services like AWS Lambda
  • Experience in large-scale enterprise IT environments
  • Experience in a consultative, client-facing consulting role
  • Previous or current experience with Federal / Government stakeholders
  • Active Secret security clearance

Benefits:

  • Be challenged. Work with a team of super bright individuals. Work in a rapidly evolving industry that is growing at blazing speed.
  • Flexibility. Like to work from home? In your closet? In the shower? If you get the job done, go for it.
  • Have fun—Trek10 is home to great people.
  • Get paid. Of course. We have competitive salaries, medical insurance, and other benefits available.
  • Robust training and continuous learning environment and support.
  • Develop a skill set that will set you up for long-term professional growth and development.