phia, LLC

• Own day-to-day operations of the Burp Suite Enterprise DAST program: scan scheduling, agent and Linux infrastructure health, scan tuning, and result triage across multiple federal application environments. • Configure and troubleshoot authenticated scans against modern web applications and APIs, including recorded login sequences (via the official Burp recorder Chrome extension), session-handling rules, and macro-based re-authentication. • Diagnose and resolve Burp Enterprise scan failures end to end: consecutive audit-item failures, skipped insertion points, timeouts, session invalidation, and authentication state loss. • Extend Burp Suite Professional with custom extensions (Python/Java/Montoya API) to automate repetitive manual verification, custom authentication flows, and findings validation for the bug bounty program. • Design and implement authenticated scan workflows that survive multi-factor authentication, including SMS one-time passwords, TOTP tokens, hardware dongles, PIV and smart card client-certificate authentication, and SSO federation. • Administer the AppSec team’s own Linux infrastructure in AWS (currently EC2 with containerized Burp Enterprise components) and contribute to the migration to on-premise OpenShift. • Convert legacy Python and shell tooling left behind by previous engineers into Ansible roles and playbooks; manage YAML, Dockerfiles, and Kubernetes manifests as code. • Integrate AppSec tooling into GitHub Actions workflows alongside Dependabot SCA, including the appropriate use of workflow_dispatch versus workflow_call patterns and reusable workflows. • Provide secondary support to the broader AppSec toolset: Veracode SAST, Contrast IAST for interactive scanning and runtime security testing, GitHub Advanced Security workflows, and the HackerOne bug bounty program (validating reported findings with Burp Suite Professional).

Role Description phia is hiring a Senior Cybersecurity Engineer (Cloud Security) to support cyber defense engineering and operations at a large Federal agency. This role will provide technical expertise for hybrid, multi-cloud environments, focusing on security configuration hardening, integration, and automation, to protect assets, data, and identity. These efforts will enable proactive threat & fraud detection and mitigation, and continuous policy compliance assessment. This position offers REMOTE work flexibility, while primary customer locations include the Fairfax, VA and Raleigh, NC areas. Qualified candidates must be U.S. Citizens and located in the United States. The position requires Public Trust security vetting approval. What You’ll Do - Security Posture & Compliance Automation: Design and implement automated compliance assessments to enforce hardening standards (CIS, NIST) across cloud accounts and on-premises virtualized environments. - Asset & Data Security: Architect and maintain the security of our sprawling asset inventory. Implement data-at-rest and data-in-transit encryption strategies that span from physical data center servers to cloud-native storage. - Identity & Fraud Mitigation: Develop and secure the "Identity Fabric" linking 600k+ employees and millions of commercial customers. Collaborate with Fraud teams to integrate signals from SIEM and Databricks to detect and block malicious account activity. - Hybrid Engineering: Build and manage secure connectivity (Transit Gateways, Service Mesh) between on-premises hypervisors and multi-cloud environments, ensuring consistent policy enforcement. - Threat Detection & Response: Partner with the SOC to develop high-fidelity detection logic. Build SOAR playbooks that automate the isolation of compromised cloud workloads or on-premises VMs. - Efficacy Assessment: Support ongoing "Purple Team" exercises and control testing to validate that security tools (EDR, WAF, DLP) are performing as intended across all tenants. - AI/ML Security Governance (Adversarial Defense): Establish security guardrails for the enterprise’s internal and customer-facing AI models. This includes protecting Databricks training pipelines from data poisoning and implementing mitigations for LLM-specific threats like prompt injection and sensitive data leakage. - Hyper-Automation of Security Operations: Drive the transition from manual "click-to-operate" security to Autonomous Security Operations. This involves building advanced SOAR playbooks that use ML-based triggers to perform auto-remediation across hybrid environments without human intervention. - Business Process Streamlining: Partner with business units to integrate security "invisibly" into their workflows. Use automation to reduce "security friction" in logistics and retail operations, ensuring that compliance checks (like PCI or SOC2) are performed continuously and programmatically. - AI Asset Management: Discover and catalog "Shadow AI" usage across the enterprise, ensuring all third-party AI tools meet the enterprise’s privacy and security standards. Communicate findings and insights clearly to technical and business stakeholders. Qualifications - Expert-level knowledge of security architectures in AWS, Azure, and Google Cloud. - Mastery of Terraform, Ansible, or CloudFormation to deploy and manage security configurations at massive scale. - Ability to leverage Databricks to perform deep-dive analysis on billions of logs for threat hunting and efficacy reporting. - Experience securing Kubernetes (EKS/AKS/GKE) and Docker environments, focusing on runtime protection and image integrity. - Proficiency with OAuth 2.0, SAML, and CIAM solutions for large-scale customer and employee authentication. - Proficiency in using Python (PySpark/Pandas) within Databricks to build custom anomaly detection models that go beyond standard SIEM correlation rules. - Knowledge of the OWASP Top 10 for LLMs and experience implementing AI gateways or "firewalls" to monitor and filter AI-generated traffic. - Deep expertise in building "glue code" that connects disparate COTS and custom applications via secure, automated APIs to streamline cross-functional business activities. - The ability to explain to non-technical stakeholders how AI-driven security decisions are made and how to handle "false positives" at scale. - A relentless focus on identifying repetitive manual tasks and replacing them with self-healing, automated systems. Requirements - Bachelor’s and/or Master’s degree preferred, but can be substituted with significant experience. - 8+ years of relevant experience (cybersecurity architecture & engineering). - 4+ years focused on large-scale cloud or hybrid environments. Preferred Skills - Demonstrated AI or Machine Learning expertise applied to solve security or operational scaling problems. - Demonstrated experience managing environments with 10,000+ workloads and high-availability requirements for retail/commercial applications. - Experience with Databricks and Splunk (cloud data integration, analytics, etc.). Certifications (preferred) - Certified Information Systems Security Professional (CISSP) - Certified Cloud Security Professional (CCSP) - GIAC Public Cloud Security (GPCS) - GIAC Cloud Security Automation (GCSA) - Amazon Web Services (AWS) Certified Security – Specialty - Google Professional Cloud Security Engineer - Microsoft Certified: Azure Security Engineer Associate Security Clearance/Vetting - U.S. Citizenship required - Ability to complete Public Trust vetting

• Plan, schedule, and administer SAST and DAST scans using Veracode across a portfolio of federal web applications • Conduct hands-on application security assessments using Burp Suite Enterprise – including proxy capture, authentication testing, repeater analysis, and manual verification of findings • Triage scan results to distinguish true positives from false positives • Integrate and maintain security tooling within CI/CD pipelines using GitHub Actions • Support complex authentication testing scenarios including PIV card, EntraID, and SSO configurations • Operate Contrast for IAST coverage across 150+ applications • Communicate findings, status, and remediation guidance to development teams and federal clients during daily stand-ups and technical sessions • Maintain working knowledge of evolving threats and federal compliance requirements