Knox is FedRAMP as a Service. SaaS apps achieve FedRAMP in 90 days, saving 90% in year 1 on Knox.
DevOps Security Engineer
Location
United States
Posted
98 days ago
Salary
$110K - $140K / year
Seniority
Senior
Job Description
DevOps Security Engineer
Knox Systems, Inc.
• Serve as a security point of contact for external customers deploying into regulated cloud environments. • Support customer onboarding by validating application security posture and deployment readiness for FedRAMP environments. • Review customer security documentation, architectures, and deployment workflows against platform security requirements. • Communicate security requirements, changes, incident escalations, and compliance questions clearly to customers. • Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53. • Support Continuous Monitoring (ConMon) activities, including vulnerability tracking, POA&M updates, and compliance reporting. • Maintain and validate FedRAMP security architecture artifacts, including network diagrams, data flow diagrams, trust boundaries, and control flows. • Validate deployed infrastructure and traffic patterns against approved FedRAMP architectures using flow logs and telemetry. • Operate CrowdStrike as part of the core CNAPP enforcement and DevSecOps control. • Integrate CrowdStrike CNAPP and detection signals into automated SOAR and CI/CD workflows to support preventative controls, response, and Continuous Monitoring (ConMon) for FedRAMP compliance. • Coordinate external penetration testing efforts, including scoping, access, findings review, and remediation tracking. • Use application security tools (e.g., Burp Suite) to support internal testing and remediation. • Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production. • Enforce policy-as-code guardrails for IAM, networking, logging, encryption, and endpoint protection using Terraform. • Ensure CrowdStrike coverage, logging, and monitoring are enforced as deployment prerequisites. • Prevent cloud exposure by enforcing network segmentation, approved ingress/egress paths, and least-privilege access. • Detect and remediate configuration drift using CSPM and automated workflows. • Secure Kubernetes clusters and containerized workloads to approved security baselines.
Job Requirements
- 4+ years of experience in Cloud Security, DevSecOps, or Security Operations roles.
- Hands-on experience operating CrowdStrike Falcon in production environments.
- Direct experience supporting FedRAMP environments and implementing NIST SP 800-53 controls.
- Experience working directly with external customers on security onboarding or deployment readiness.
- Strong experience with Wiz or similar CSPM/CNAPP platforms.
- Proficiency with Terraform and CI/CD tooling (GitHub, GitHub Actions).
- Experience securing multi-cloud environments (AWS required; Azure and/or GCP preferred).
- Strong written and verbal communication skills.
Benefits
- Medical
- Dental
- Vision
- Life & Disability
- Unlimited PTO
- Employee funded 401k plan
Related Guides
Related Categories
Related Job Pages
More DevOps Engineer Jobs
Release Engineer – Data Plane
ClickHouseClickHouse is an open-source, column-oriented OLAP database management system.
• Plan and execute rolling upgrades across tens of thousands of ClickHouse clusters, ensuring safety, correctness, and minimal customer impact • Own the full release pipeline: from pre-upgrade validation and staged rollouts to post-upgrade monitoring and incident response • Investigate and resolve production issues as part of a regular on-call rotation, including snowflake clusters and edge cases that automation can't yet handle • Build and improve the internal tooling and automation that makes large-scale database operations reliable and repeatable • Work closely with the core database and cloud infrastructure teams to identify operational pain points and turn them into solved problems • Support and educate other engineering teams using our internal tools
Release Engineer – Data Plane
ClickHouseClickHouse is an open-source, column-oriented OLAP database management system.
• Plan and execute rolling upgrades across tens of thousands of ClickHouse clusters, ensuring safety, correctness, and minimal customer impact • Own the full release pipeline: from pre-upgrade validation and staged rollouts to post-upgrade monitoring and incident response • Investigate and resolve production issues as part of a regular on-call rotation, including snowflake clusters and edge cases that automation can't yet handle • Build and improve the internal tooling and automation that makes large-scale database operations reliable and repeatable • Work closely with the core database and cloud infrastructure teams to identify operational pain points and turn them into solved problems • Support and educate other engineering teams using our internal tools
Release Engineer – Data Plane
ClickHouseClickHouse is an open-source, column-oriented OLAP database management system.
• Plan and execute rolling upgrades across tens of thousands of ClickHouse clusters, ensuring safety, correctness, and minimal customer impact • Own the full release pipeline: from pre-upgrade validation and staged rollouts to post-upgrade monitoring and incident response • Investigate and resolve production issues as part of a regular on-call rotation, including snowflake clusters and edge cases that automation can't yet handle • Build and improve the internal tooling and automation that makes large-scale database operations reliable and repeatable • Work closely with the core database and cloud infrastructure teams to identify operational pain points and turn them into solved problems • Support and educate other engineering teams using our internal tools
Intermediate DevOps Engineer
Imaginary CloudSoftware Development & UX/UI Design | Awarded Best Workplace Europe, Best Quality of Life & 2nd Best Workplace Portugal
• Cloud management, development, problem-solving, architecture, and client interaction • Develop and manage CI/CD pipelines • Drive system security, reliability, scalability, and performance • Work with multidisciplinary teams and engage with multiple projects
