Devops Security Engineer

About The Position

Requirements

• 4+ years of experience in Cloud Security, DevSecOps, or Security Operations roles.
• Hands-on experience operating CrowdStrike Falcon in production environments.
• Direct experience supporting FedRAMP environments and implementing NIST SP 800-53 controls.
• Experience working directly with external customers on security onboarding or deployment readiness.
• Strong experience with Wiz or similar CSPM/CNAPP platforms.
• Proficiency with Terraform and CI/CD tooling (GitHub, GitHub Actions).
• Experience securing multi-cloud environments (AWS required; Azure and/or GCP preferred).
• Strong written and verbal communication skills.

Nice To Haves

• Experience supporting or collaborating with SOC or incident response teams.
• Experience managing external penetration testing engagements.
• Familiarity with System Security Plans (SSPs) and audit artifacts.
• Relevant certifications (AWS Security Specialty, CISSP, CISM, CCSP).
• Experience applying automation or AI-assisted tools to security workflows.

Responsibilities

• Customer Onboarding & Communication
• Serve as a security point of contact for external customers deploying into regulated cloud environments.
• Support customer onboarding by validating application security posture and deployment readiness for FedRAMP environments.
• Review customer security documentation, architectures, and deployment workflows against platform security requirements.
• Communicate security requirements, changes, incident escalations, and compliance questions clearly to customers.
• Federal Compliance & Governance (FedRAMP/NIST)
• Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53.
• Support Continuous Monitoring (ConMon) activities, including vulnerability tracking, POA&M updates, and compliance reporting.
• Maintain and validate FedRAMP security architecture artifacts, including network diagrams, data flow diagrams, trust boundaries, and control flows.
• Validate deployed infrastructure and traffic patterns against approved FedRAMP architectures using flow logs and telemetry.
• Security Tooling & Vendor Management
• Operates CrowdStrike as part of the core CNAPP enforcement and DevSecOps control, including IOM/IOA analysis, vulnerability management (Spotlight), workload protection, and telemetry/log review for cloud workloads.
• Integrate CrowdStrike CNAPP and detection signals into automated SOAR and CI/CD workflows to support preventative controls, response, and Continuous Monitoring (ConMon) for FedRAMP compliance.
• Coordinate external penetration testing efforts, including scoping, access, findings review, and remediation tracking.
• Use application security tools (e.g., Burp Suite) to support internal testing and remediation.
• DevOps, Automation, & Preventative Security
• Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production.
• Enforce policy-as-code guardrails for IAM, networking, logging, encryption, and endpoint protection using Terraform.
• Ensure CrowdStrike coverage, logging, and monitoring are enforced as deployment prerequisites.
• Prevent cloud exposure by enforcing network segmentation, approved ingress/egress paths, and least-privilege access.
• Detect and remediate configuration drift using CSPM and automated workflows.
• Secure Kubernetes clusters and containerized workloads to approved security baselines.

Benefits

• Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject to change.