is seeking a
Secure Infrastructure Engineer to join our team. This engineer will be responsible for designing, hardening, and automating the deployment of secure baseline images for a major medical technology client. The ideal candidate will have deep expertise in Windows operating systems and database hardening, specifically aligning with STIGs. You will work within a surgical engineering team to define and build "Gold Images" that balance strict federal compliance with operational functionality. This position will call for support at a main DW office location at a hybrid capacity. Tasks may include assisting with:
- Designing and creating hardened "Gold Images" for core technologies including Windows Server 2025, Windows 11, and MS SQL.
- Automating the application of DISA STIGs and CIS Benchmarks using PowerShell, Ansible, or similar scripting tools.
- Integrating secure baselines into a centralized artifact repository for consumption by product teams.
- Developing and maintaining documentation for security policies, configuration changes, and exception handling.
- Collaborating with offensive security teams to validate image resilience against vulnerabilities.
- Analyzing vulnerability scan results (from tools like Nessus or proprietary pipelines) and remediating configuration drift.
- Deploying and maintaining a centralized artifact repository on cloud-native architecture (AWS/Azure).
- Building and maintaining CI/CD pipelines to automate the ingestion, scanning, and publishing of secure container images.
- Integrating low-CVE base images (e.g., via Chainguard) into the development supply chain.
- Implementing and managing automated compliance scanning tools (SAST/DAST/Fuzzing) within the build pipeline.
Required Qualifications:- Bachelor's degree in IT Security, Information Systems, or equivalent
- Minimum of 4+ years of experience in Systems Engineering, Infrastructure Operations, or working with commercial cloud providers (AWS, Azure, or GCP)
- Deep expertise in Windows Server and Desktop administration and configuration
- Proven experience applying and managing DoD DISA STIGs or CIS Benchmarks in an enterprise environment
- Extensive experience with Containerization (Docker, Kubernetes) and Container Security
- Strong proficiency in scripting and automation (PowerShell, Python, Ansible, or Terraform) to enforce security configurations
- Solid problem-solving skills and the ability to troubleshoot complex application failures caused by security hardening
- US Citizenship and ability to be clearable up to the Top Secret clearance with SCI eligibility
Desired Qualifications:- Experience working in the healthcare industry or with medical device software
- Experience with Platform One, Iron Bank, or similar DoD software factories
- Understanding of the Risk Management Framework (RMF) and accreditation processes
- Experience hardening PostgreSQL or other relational databases
- Experience with automated compliance scanning tools and proprietary fuzzing or scanning pipelines
- Industry certifications, such as AWS Certified Solutions Architect, Security+, or MCSE.
This position will be supported at a hybrid capacity at any of the following DW Office locations: Herndon, VA, Omaha, NE, Colorado Springs, CO, Tampa, FL.
The estimated salary range for this position is $150,000.00 - $180,000.00, commensurate on experience and technical skillset.
We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.
