Security Engineer
PMAT requires an application security (AppSec) engineer with hands-on experience building and protecting infrastructure, writing secure code, and coaching developers. The preferred candidate will be as comfortable doing the work as teaching others and will be a key partner in growing the company’s security culture. Off-hours support may be required.
Primary Responsibilities
- Actively identify areas of security improvement within development processes and project operations to decrease response times, increase effectiveness, eliminate waste, and streamline security operations.
- Develop automated controls as threats change and new security tools and controls emerge.
- Develop real-time reporting mechanisms to monitor the health of the program.
- Integrate new functionality with existing systems
- Partner with other development and business teams to manage dependencies and communicate technical specifications
Basic Qualifications
Education: Bachelor’s degree in the appropriate field of study (CS, CIS, CSE)
Required Experience:
- 5-10 years of hands-on cyber experience (B.S. in computer science or equivalent can substitute for 3 of those), showing increasing levels of responsibility
- Linux fluency (Linux+ or equivalent, and interview demonstration of skills)
- Extensive experience writing secure applications in Java, Python, and other languages
- Cloud administration, security, and auditing experience
- Experienced with containers and orchestration (prefer Docker and Kubernetes)
- Strong familiarity with architectural concepts surrounding RESTful APIs and microservices
- Basic certifications showing interest and experience in cyber (Sec+, Ethical Hacking, and similar)
- Enjoys working in a team environment, has excellent written and verbal communication skills, and enjoys teaching
Desired experience:
- Advanced cyber certifications (such as CISSP, CISM, ISSM)
- PKI management experience (Vault, Let's Encrypt)
- Architectural experience in large-scale container deployments
- Fluent in NIST standards and applications, particularly for DoD and/or IC customers
- ATO experience, including configuring and performing scans, consulting with developers on remediation, and submitting eMASS artifacts
- IaC skills, including prior usage of Ansible and Terraform
- CI/CD experience
Clearance: Eligible to obtain a Top Secret/SCI clearance with Counter-Intelligence Polygraph
Work Environment
If available, the work environment is primarily at a PMAT office. Remote work is secondary and must be approved by management. In some cases, work in a government facility may be required.