Job description
Overview
Software/Container Security Engineer - 25-021 CONTINGENT is a full-time, contingent opportunity based in San Diego, California. The role focuses on oversight of container information security for NIWC PAC in Point Loma, CA, identifying potential security configurations, risks and vulnerabilities in the container environment, and providing container vulnerability assurance including compliance with configuration requirements and security controls.
Responsibilities
• Core Security Expertise
• Application Security Fundamentals
• Experience with static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA) tools and processes
• Understanding of common web application vulnerabilities (OWASP Top 10, SANS Top 25)
• Understanding of API security best practices (REST, GraphQL)
• Knowledge of secure coding principles and best practices for Java
• Risk assessment and management
• Identity and Access Management (IAM) principles and best practices (RBAC, ABAC, least privilege)
• Data security and privacy principles (encryption in transit/at rest, data classification)
• Security logging, monitoring and incident response fundamentals
• Container & Orchestration Security
• Containerization technologies; securing container registries (e.g., Docker Hub, Quay, Azure Container Registry, ECR, GCR)
• Docker, container runtimes (containerd, Podman) and image best practices (multi-stage builds, minimal images)
• Container networking and storage security; Kubernetes/OpenShift security
• Hardening Kubernetes clusters (kube-bench, CIS benchmarks) and securing workloads/configurations
• Kubernetes security primitives (Network Policies, Pod Security Policies/Admission Controllers, Service Accounts, Secrets, RBAC)
• Understanding admission controllers for security enforcement
• Container Security Tools and Scanning (Trivy, Clair, Anchore, Snyk Container)
• Container runtime security tools (Falco, Sysdig Secure, Aqua, Twistlock/Palo Alto Prisma Cloud)
• DevSecOps & Automation
• CI/CD integration and security within pipelines (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps Pipelines, ArgoCD)
• Automating security checks (SAST, DAST, SCA, container and IaC scanning)
• Artifact management and secure supply chain principles
• Infrastructure as Code (IaC) Security; familiarity with Terraform, CloudFormation, Ansible, Helm
• Scripting & Automation (Python, Bash, Go) for security task automation
• Version Control and collaborative development workflows (Git, PRs, branching)
• Agile & Collaboration Skills
• Experience in Agile/Scrum/Kanban environments
• Integrating security activities into sprints and release cycles; security shift-left mindset
• Strong verbal and written communication; ability to explain complex security concepts to technical and non-technical audiences
• Collaboration with developers, operations, QA and product owners; constructive feedback and guidance
• Problem-Solving and analytical skills to identify and remediate security issues
Requirements
• Must possess an active Top-Secret clearance
• Bachelors degree from an accredited college/university is desired
• Five years of related experience
• Hands-on experience with container image scanning tools (e.g., Trivy, Clair, Anchore, Snyk Container)
• Experience with SAST, DAST and SCA tools and processes
• Experience with container registries and securing them
• Expertise with Docker, container runtimes and image best practices
• Experience with container runtime security tools (Falco, Sysdig Secure, Aqua Security, Twistlock/Palo Alto Prisma Cloud)
• Experience in Agile/Scrum/Kanban teams
• Experience integrating security tools into CI/CD pipelines (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps Pipelines, ArgoCD)
• Proficiency in at least one scripting language (Python, Bash, Go) for automation
• Strong understanding of Git and collaboration workflows
• Strong analytical and problem-solving skills; ability to communicate security concepts clearly
Salary Range: $135K-155K. Based on qualifications, placement in Level I-V. An essential qualification is having a security clearance issued by the Federal Government, which may require a background check. E-Verify is used to confirm employment eligibility. AUSGARs salary range includes base salary and benefits and is dependent on factors such as experience, skills, education and location. AUSGAR Technologies, Inc. is an equal opportunity employer. If you require reasonable accommodation during the application process due to a disability, please email jobs@ausgar.com.
#J-18808-Ljbffr
Requirements
• Scripting & Automation (Python, Bash, Go) for security task automation
• Experience in Agile/Scrum/Kanban environments
• Must possess an active Top-Secret clearance
• Five years of related experience
• Hands-on experience with container image scanning tools (e.g., Trivy, Clair, Anchore, Snyk Container)
• Experience with SAST, DAST and SCA tools and processes
• Experience with container registries and securing them
• Expertise with Docker, container runtimes and image best practices
• Experience with container runtime security tools (Falco, Sysdig Secure, Aqua Security, Twistlock/Palo Alto Prisma Cloud)
• Experience in Agile/Scrum/Kanban teams
• Experience integrating security tools into CI/CD pipelines (Jenkins, GitLab CI/CD, GitHub Actions, Azure DevOps Pipelines, ArgoCD)
• Proficiency in at least one scripting language (Python, Bash, Go) for automation
• Strong understanding of Git and collaboration workflows
• Strong analytical and problem-solving skills; ability to communicate security concepts clearly
• An essential qualification is having a security clearance issued by the Federal Government, which may require a background check
