Secure Infrastructure Engineer

Описание вакансии

Dark Wolf is seeking a Secure Infrastructure Engineer to join our team. This engineer will be responsible for designing, hardening, and automating the deployment of secure baseline images for a major medical technology client. The ideal candidate will have deep expertise in Windows operating systems and database hardening, specifically aligning with STIGs. You will work within a surgical engineering team to define and build "Gold Images" that balance strict federal compliance with operational functionality. This position will call for support at a main DW office location at a hybrid capacity. Tasks may include assisting with:

• Designing and creating hardened "Gold Images" for core technologies including Windows Server 2025, Windows 11, and MS SQL.
• Automating the application of DISA STIGs and CIS Benchmarks using PowerShell, Ansible, or similar scripting tools.
• Integrating secure baselines into a centralized artifact repository for consumption by product teams.
• Developing and maintaining documentation for security policies, configuration changes, and exception handling.
• Collaborating with offensive security teams to validate image resilience against vulnerabilities.
• Analyzing vulnerability scan results (from tools like Nessus or proprietary pipelines) and remediating configuration drift.
• Deploying and maintaining a centralized artifact repository on cloud-native architecture (AWS/Azure).
• Building and maintaining CI/CD pipelines to automate the ingestion, scanning, and publishing of secure container images.
• Integrating low-CVE base images (e.g., via Chainguard) into the development supply chain.
• Implementing and managing automated compliance scanning tools (SAST/DAST/Fuzzing) within the build pipeline.

Required Qualifications:

• Bachelor’s degree in IT Security, Information Systems, or equivalent
• Minimum of 4+ years of experience in Systems Engineering, Infrastructure Operations, or working with commercial cloud providers (AWS, Azure, or GCP)
• Deep expertise in Windows Server and Desktop administration and configuration
• Proven experience applying and managing DoD DISA STIGs or CIS Benchmarks in an enterprise environment
• Extensive experience with Containerization (Docker, Kubernetes) and Container Security
• Strong proficiency in scripting and automation (PowerShell, Python, Ansible, or Terraform) to enforce security configurations
• Solid problem-solving skills and the ability to troubleshoot complex application failures caused by security hardening
• US Citizenship and ability to be clearable up to the Top Secret clearance with SCI eligibility

Desired Qualifications:

• Experience working in the healthcare industry or with medical device software
• Experience with Platform One, Iron Bank, or similar DoD software factories
• Understanding of the Risk Management Framework (RMF) and accreditation processes
• Experience hardening PostgreSQL or other relational databases
• Experience with automated compliance scanning tools and proprietary fuzzing or scanning pipelines
• Industry certifications, such as AWS Certified Solutions Architect, Security+, or MCSE.

This position will be supported at a hybrid capacity at any of the following DW Office locations: Herndon, VA, Omaha, NE, Colorado Springs, CO, Tampa, FL.

The estimated salary range for this position is $150,000.00 - $180,000.00, commensurate on experience and technical skillset.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.

We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.