Senior Cybersecurity Engineer Security Clearance
Job in Tysons, Fairfax County, Virginia, USA
Listed on 2026-02-27
Listing for: Procession Systems
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Systems Engineer
Job Description & How to Apply Below
OVERVIEW:
We are seeking a highly skilled Cybersecurity Engineer (CSE) with extensive experience in air-gapped and classified container platforms, CI/CD pipelines, security automation, and federal cybersecurity requirements. The ideal candidate will possess hands-on expertise in Kubernetes, OpenShift, registry management, security test automation, and the implementation of cybersecurity controls in compliance with federal standards like NIST 800-53, DISA STIGs, and RMF/ATO workflows.
A) Air-Gapped / Classified Container Platforms (Kubernetes/OpenShift/RKE2)
* Designing a Disconnected Cluster
* Design and manage a multi-container OpenShift hosted platform in an air-gapped enclave.
* Expertise in cross-domain CI/CD, blue-green testing, and platform deployment within disconnected environments.
* Familiar with image/helm/chart mirroring, FIPS 140 validated crypto, OS hardening (e.g., Alpine), and SELinux enforcing.
* Registry and Artifact Governance
* Maintain and govern a disconnected container registry, ensuring content sources, image signing, SBOMs, and vulnerability gating.
* Familiarity with tools such as Cosign, Syft, Grype, Trivy, OCI level attestations, and curated repository promotions.
* Admission Control & Policy Enforcement
* Enforce security baselines and policies without internet dependencies using tools like OPA Gatekeeper, Kyverno, and image provenance verification.
* Cluster Multi-Tenancy in SCIFs
* Implement RBAC, namespace isolation, and mTLS for mixed-sensitivity workloads within a SCIF (Sensitive Compartmented Information Facility).
* Patching and CVE Response Offline
* Manage critical Kubernetes CVEs in air-gapped enclaves through risk triage, change windows, and mirrored updates.
B) CI/CD & Security Test Automation (Disconnected)
* Pipeline Architecture for Classified Enclaves
* Design CI/CD pipelines to build, test, sign, scan, and promote containers across Dev → Test → Prod in closed networks.
* Familiarity with GitLab/Jenkins runners, artifact promotion, and "compliance as code" practices.
* Automated Security Testing Coverage
* Implement automated tests for SAST, DAST, IAST, SCA, and IaC scanning within CI/CD pipelines.
* Ensure pipeline failures persist if discrepancies are detected.
* Evidence Generation for RMF
* Generate RMF/ATO evidence via automated pipeline outputs, mapping artifacts to NIST controls.
* Knowledge of OSCAL output, control mappings, and integration with evidence stores like eMASS.
* Promotion Gates & Provenance
* Ensure artifacts meet quality and security criteria (e.g., reproducible builds, signed/provenanced artifacts, passing STIG checks) before promotion to higher environments.
* Testing for Platform + App Security Regressions
* Implement tests for platform upgrade regressions using tools like kube-bench, kube-hunter, and e2e integration suites.
C) Federal Cybersecurity Requirements (RMF/ATO, STIGs, CNSS, FedRAMP)
* RMF Tailoring in Containerized Systems
* Tailor NIST 800-53 controls for microservices platforms, identifying platform vs. app team responsibilities.
* Work with shared responsibility matrices and control inheritance catalogs.
* DISA STIG Application to Kubernetes Workloads
* Apply and track Kubernetes/Docker/OpenShift STIG findings and exceptions.
* Implement a "STIG as code" approach in CI/CD pipelines and perform continuous drift checks.
* Continuous Monitoring (CONMON)
* Implement telemetry collection for CONMON using on-prem tools (e.g., Prometheus, Grafana, auditd, Falco).
* Design and manage control dashboards and evidence snapshots.
* ATO Acceleration through Automation
* Reduce ATO lead times using automated assessments, OSCAL generation, and integration with tools like eMASS.
* Policy Conflicts & Adjudication
* Reconcile conflicts between NIST, CNSS, and program-specific directives, leveraging risk-based decision memos and compensating controls.
D) Networking, Identity & Zero Trust in On-Prem/Classified Enclaves
* Zero Trust in Kubernetes
* Implement Zero Trust principles within Kubernetes beyond mTLS and RBAC, using tools like SPIFFE, SPIRE, and service mesh authZ.
* Offline PKI Operations
* Manage certificate…
Position Requirements
10+ Years
work experience