Devops Security Engineer

📋 Description

• • Knox Systems is at the forefront of securing critical U.S. government missions by operating the largest Federal managed cloud. We build and manage secure cloud and AI environments that are vital for national security, public safety, and essential public services. Our clients depend on us to deploy production systems that meet the most stringent standards for security, reliability, and compliance. At Knox, your work is not only high-impact but also deeply purpose-driven. You will tackle high-stakes problems, operate in an environment of high expectations, and see the tangible results of your contributions. Speed, rigor, and trust are paramount, as the environments we secure absolutely cannot fail. Your expertise will be relied upon, and the impact of your work will be immediate and measurable. We operate at a federal scale, safeguarding some of the nation's most sensitive government environments, ensuring the systems we build perform flawlessly.
• • As a Cloud Security Engineer, you will be immersed in a hands-on DevSecOps role, dedicated to fortifying cloud-native, multi-tenant environments. These environments operate under strict FedRAMP Moderate High and NIST SP 800-53 compliance requirements. Your primary focus will be on preventative security measures, extensive automation, and ensuring continuous compliance. This involves embedding robust security controls directly into the infrastructure, CI/CD pipelines, and runtime operations. A key aspect of this role is the operationalization of CrowdStrike as a central Cloud-Native Application Protection Platform (CNAPP) and DevSecOps control. You will work alongside other security posture management (CSPM) tools to proactively prevent misconfigurations, significantly reduce risk, and maintain a constant state of audit readiness. This role requires close collaboration with both our external customers and internal engineering teams.
• • Customer Onboarding and Communication:
• • Act as a primary security point of contact for external customers who are deploying their applications into our regulated cloud environments.
• • Provide essential support during customer onboarding by meticulously validating their application security posture and ensuring their deployment readiness for FedRAMP-compliant environments.
• • Conduct thorough reviews of customer security documentation, architectural designs, and deployment workflows, ensuring alignment with Knox's platform security requirements.
• • Clearly and effectively communicate critical security requirements, any platform changes, incident escalations, and address customer compliance-related questions.
• • Federal Compliance and Governance (FedRAMP & NIST):
• • Implement, manage, and operate security controls mandated for FedRAMP Moderate High authorization, strictly adhering to NIST SP 800-53 standards.
• • Actively support Continuous Monitoring (ConMon) activities, which include diligent vulnerability tracking, maintaining Plans of Action & Milestones (POA&M) updates, and generating comprehensive compliance reports.
• • Maintain and rigorously validate FedRAMP security architecture artifacts, such as detailed network diagrams, data flow diagrams, trust boundary definitions, and control flow documentation.
• • Validate deployed infrastructure configurations and traffic patterns against approved FedRAMP architectures, leveraging flow logs and telemetry data for verification.
• • Security Tooling and Vendor Management:
• • Operate CrowdStrike as a foundational component of our CNAPP enforcement strategy and DevSecOps control framework. This includes detailed analysis of Indicators of Intrusion (IOI) and Indicators of Attack (IOA), vulnerability management using Spotlight, workload protection, and thorough review of telemetry logs for cloud workloads.
• • Integrate CrowdStrike CNAPP and its detection signals into automated Security Orchestration, Automation, and Response (SOAR) platforms and CI/CD workflows. This integration is crucial for supporting preventative controls, enabling rapid response, and facilitating Continuous Monitoring (ConMon) for FedRAMP compliance.
• • Coordinate and manage external penetration testing engagements, encompassing the entire lifecycle from scoping and access provisioning to findings review and remediation tracking.
• • Utilize application security tools, such as Burp Suite, to support internal security testing initiatives and facilitate remediation efforts.
• • DevOps, Automation, and Preventative Security:
• • Implement robust security and compliance gates within CI/CD pipelines to proactively prevent non-compliant infrastructure or code from reaching production environments.
• • Enforce policy-as-code guardrails for Identity and Access Management (IAM), networking configurations, logging practices, data encryption, and endpoint protection using Terraform.
• • Ensure that CrowdStrike coverage, logging capabilities, and monitoring are enforced as mandatory prerequisites for all deployments.
• • Prevent unauthorized cloud exposure by strictly enforcing network segmentation, approved ingress/egress traffic paths, and the principle of least privilege access.
• • Detect and remediate configuration drift using CSPM tools and sophisticated automated workflows.
• • Secure Kubernetes clusters and containerized workloads, ensuring they adhere to approved security baselines and configurations.