
Cybersecurity Assessment Engineer
Posted 2 days ago

This is a fully remote position, open to applicants in Colorado, +3 more states.
• Facilitate coordination between the Principal Security Engineer, Platform team, and Customer Operations team.
• Evaluate web application artifacts of customer-developed applications and offer constructive feedback.
• Serve as the primary representative of the cybersecurity team for software development and mission success teams.
• Support the development of incident response plans to address application outages or downtime.
• Perform thorough assessments of cloud infrastructure, applications, and containerized environments to ensure adherence to DISA STIGs, SRGs, and CIS Benchmarks.
• Create, review, and sustain high-quality security documentation, including System Security Plans (SSP), Security Assessment Plans (SAP), and Security Assessment Reports (SAR).
• Track and report on the effectiveness of security controls, ensuring the platform upholds a robust and authorized security posture.
• Leverage automated scanning tools (e.g., Anchore, Trivy, Tenable) to detect vulnerabilities, identify true positives, and offer actionable remediation advice to development teams.
• Implement and oversee technical workflows for SBOMs (Software Bill of Materials) to align with modern, continuous authorization standards.
• Collaborate with DevOps and Software Engineering teams to convert complex NIST 800-53 controls into actionable technical requirements.
• 3-5 years of applicable experience.
• Secret Level Clearance (or higher).
• Capability to obtain DoD 8570 Baseline Certification for IAT II within 6 months of the hire date (preferably CySA+).
• Intermediate understanding of DevSecOps tools and software development practices.
• Experience in cybersecurity with a grasp of vulnerability risk analysis.
• Practical experience in assessing or securing services within AWS, Azure, or GCP, especially in PaaS or Kubernetes environments.
• Solid knowledge of NIST SP 800-37 (RMF) and NIST SP 800-53 rev 5 security controls.
• Comprehensive understanding of the FedRAMP authorization process and Department of Defense (DoD) security standards.
• Competitive Salary.
• 100% Healthcare, vision, and dental coverage.
• 401(k) with a 3% company contribution.
• Equity incentive plan.
• Tech and office supplies stipend.
• Annual professional development stipend.
• Flexible paid time off and federal holidays off.
• Parental leave.
• Work from anywhere.
• Referral Bonus.