Lead Staff Cyber Security Engineer

Posted 27 April 2022
Salary Competitive
Discipline Cyber Security
Contact NameSam Pennie
Remote working Remote

Job description

At Rise8, we’re in the business of inspiring culture by enabling clients to ruthlessly prioritize end-user value to build, test, and deliver regularly, consistently, and quickly as possible.

You will secure the build, configuration, deployment, operation, and monitoring of VPCs inside leading commercial clouds as well as secure k8s platforms like D2IQ, Tanzu, Rancher, etc. You also provide expertise for secure management of the stack: monitoring, incident response, disaster recovery, security compliance/auditing, networking, storage, and service brokers. You will:
  • Secure all the things while hacking the bureaucracy
  • Continuously improve your product/service to enable high-speed security
  • Work with teams to automate security toil that can be automated
  • Work in an environment that supports your individual growth

We practice and teach an approach to cybersecurity engineering that applies across industries and organizations, so you’ll experience all types of teams, products, and technologies. And we believe in working at a sustainable pace – you’ll typically cyber hard for 8 hours each day, but then you’re off work to relax, recharge and refocus.

Necessary Experience
  • 10+ years of a combination of development, security and operations experience
  • Applying both native cloud security and monitoring services in AWS provider, including VPC Service Controls, Firewall, Cloud KMS, Cloud Armor, Cloud IAM, Cloud Audit Logs, Cloud Security Command Center, and Cloud Security Scanner
  • Applying cybersecurity concepts, including threats, vulnerabilities, security operations, encryption, boundary defense, auditing, authentication, and risk management
  • Automating the provisioning and configuration of IT environments, including tools such as Terraform, Cloud Deployment Manager, Puppet, Chef, Ansible, or PowerShell tools
  • Applying network firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS), anti-malware, vulnerability scanning, encryption, monitoring, and Identity, Credential, and Access Management (ICAM)
  • Developing technical engineering artifacts, including traceability matrices, network diagrams, data flow diagrams, installation procedures, and operations manuals
  • Cloud-native security best-practices, such as the AWS Security Pillar of the AWS Well-Architected Framework
  • Identity and access management best-practices such as least-privileged access control, cloud access policies, cross-account roles etc.
  • Expert knowledge administering Active Directory (AD) and GPO’s
  • Knowledge of server virtualization technologies
  • Securing large scale cloud and containerized production systems and dealing with security incidents in them
  • Training, mentoring and/or upskilling engineers
  • Managing a team of security engineers
  • Strong communication skills and interest in a client pairing environment  Applying lean and agile methodologies
  • BA/BS in Cybersecurity, Computer Science or related field, or equivalent experience
  • Strong policy understanding of RMF, FEDRAMP, DISA CC SRG, DISA CAP connection, DISA secure routing & endpoints for various DISA Impact Levels (ILs), and determining what services are authorized at various ILs
  • Strong understanding of the controls inheritance model and controls automation, shared responsibility model, and an understanding of modern RMF methodologies such as Continuous RMF via Ongoing Authorization

Desired Experience
  • Led implementation of a DoD program’s VPC to IL4/IL5 with CAP connection and full ATO from the ground up  Implementing NIST controls inheritance and controls automation and cRMF
  • Non-vendor certifications (one or more): Security+, CISSP, Certified Ethical Hacker (C|EH), SFCP, GCIA, ISSEP, ISSMP, GCIH, GCFA, CSLC, CISM, CCNA, or CCNP
  • Vendor security certifications: AWS Security Specialty, AWS Solutions Architect, AWS Advanced Networking, etc.
  • Securing Kubernetes and the major cloud providers (CIS Benchmark for Kubernetes and the emerging DoD/DISA Kubernetes STIG, Consulting/working directly with clients, especially DoD and/or "Software Factory"

  • Insurance. We cover 100% of the employee-only premium and 80% of the combined dependent premium. We also cover 100% of the premium for employee and dependent Dental and Vision as well as employee premiums for Life and Disability coverage.
  • Retirement. 401k match at 10% gross pay.
  • Paid time off (PTO). 4 weeks combined accrued vacation and sick leave, 10 Federal holidays, your birthday, jury duty, and bereavement.
  • Education & Training. Accrued budget of up to $4,000 per year for classes, travel, events, and materials.
  • Wellness Budget. To encourage and support a well-rounded healthy lifestyle, we cover 50% reimbursement on a variety of wellness activities and products, up to $500 per calendar year.
  • Equipment. We offer a MacBook Pro, multi-port adapter, and USB-C CAC reader to all employees.