Secure Infrastructure Engineer

About The Position

Requirements

• Bachelor’s degree in IT Security, Information Systems, or equivalent
• Minimum of 4+ years of experience in Systems Engineering, Infrastructure Operations, or working with commercial cloud providers (AWS, Azure, or GCP)
• Deep expertise in Windows Server and Desktop administration and configuration
• Proven experience applying and managing DoD DISA STIGs or CIS Benchmarks in an enterprise environment
• Extensive experience with Containerization (Docker, Kubernetes) and Container Security
• Strong proficiency in scripting and automation (PowerShell, Python, Ansible, or Terraform) to enforce security configurations
• Solid problem-solving skills and the ability to troubleshoot complex application failures caused by security hardening
• US Citizenship and ability to be clearable up to the Top Secret clearance with SCI eligibility

Nice To Haves

• Experience working in the healthcare industry or with medical device software
• Experience with Platform One, Iron Bank, or similar DoD software factories
• Understanding of the Risk Management Framework (RMF) and accreditation processes
• Experience hardening PostgreSQL or other relational databases
• Experience with automated compliance scanning tools and proprietary fuzzing or scanning pipelines
• Industry certifications, such as AWS Certified Solutions Architect, Security+, or MCSE.

Responsibilities

• Designing and creating hardened "Gold Images" for core technologies including Windows Server 2025, Windows 11, and MS SQL.
• Automating the application of DISA STIGs and CIS Benchmarks using PowerShell, Ansible, or similar scripting tools.
• Integrating secure baselines into a centralized artifact repository for consumption by product teams.
• Developing and maintaining documentation for security policies, configuration changes, and exception handling.
• Collaborating with offensive security teams to validate image resilience against vulnerabilities.
• Analyzing vulnerability scan results (from tools like Nessus or proprietary pipelines) and remediating configuration drift.
• Deploying and maintaining a centralized artifact repository on cloud-native architecture (AWS/Azure).
• Building and maintaining CI/CD pipelines to automate the ingestion, scanning, and publishing of secure container images.
• Integrating low-CVE base images (e.g., via Chainguard) into the development supply chain.
• Implementing and managing automated compliance scanning tools (SAST/DAST/Fuzzing) within the build pipeline.