Apply on Employer Site

SciTec, Inc. · 1 day ago

Staff / Sr Staff Cybersecurity Engineer

Boulder, CO

Full-time

Onsite

Senior Level, Lead/Staff

$98K/yr - $146K/yr

2+ years exp

SciTec, Inc. is a dynamic small business focused on delivering advanced sensor data processing technologies and scientific instrumentation capabilities for National Security and Defense. They are seeking experienced Staff and Senior Staff Cybersecurity Engineers to manage security policies, develop threat models, and ensure compliance with government security policies.

AerospaceConsultingInformation Technology

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Stay up to date with latest revisions of NIST RMF revisions and develop/update policy documents as needed

Document and implement security of the Continuous Integration (CI) pipelines in GitLab CI/CD using JFrog Artifactory, SonarQube, and Ansible

Develop threat models and other required documentation that describe end-to-end security of the SDLC

Manage integration, security scanning, and deployment security of multiple applications into orchestrated frameworks

Ensure software promotions comply with government security policies at all classification levels

Manage AWS (GovCloud) security to maintain integrity of software artifacts

Other duties as assigned

Qualification

NIST RMFDevSecOpsContainer securityPython3GitLab CI/CDSoftware vulnerability assessmentDetail orientedCommunication skills

Required

Bachelor's degree in cybersecurity, computer science, engineering, mathematics, or physical sciences

At least two years of professional experience building and executing DevOps or DevSecOps solutions using Continuous Integration / Continuous Deployment (CI/CD)

Demonstrated experience in NIST RMF, CMMC, and STIG compliance

Demonstrated experience in applying security best practices to containerized solutions and orchestration frameworks such as Docker, Podman, Kubernetes, etc

Demonstrated cybersecurity protocols are followed in development, test and production environments

Knowledgeable with different types of software licenses (Public Domain, LGPL, Permissive, Copy Left, Proprietary)

The ability to obtain and maintain a DoD security clearance

Ability to work 100% on-site

Detail oriented

Good verbal and written communication skills

Preferred

Demonstrated experience with static and dynamic analysis tools

Demonstrated experience with software package artifact management using JFrog Artifactory, Nexus or similar

Experience with software vulnerability assessment and remediation using SAST/DAST and tools like Sonarqube

Experience with Python3 or C++

Experience with container security tools such as Grype, Syft, Snyk, etc

Systems and service administration in a Linux environment, including the installation and maintenance of applications supporting CI/CD like Gitlab, etc