The Opportunity:
The Information Systems Security Engineer (ISSE) is responsible for integrating security into the software development lifecycle (SDLC) to ensure that applications and systems are resilient against cyber threats. The ISSE will work closely with developers, architects, and IT teams to design secure software, enforce security policies, and mitigate vulnerabilities throughout the development process. This role requires a deep understanding of security architecture, secure software development practices, identity and access management, continuous monitoring, secure infrastructure as code, and incident response.
Responsibilities:
Security Architecture & Design:
Define security requirements for the CI/CD pipeline, ensuring alignment with organizational policies, regulatory frameworks (e.g., NIST, CIS, DoD STIGs), and industry best practices.
Design secure containerization strategies, including Pod Security Standards (PSS) enforced through Pod Security Admission (the replacement for the removed PodSecurityPolicy), Security Context Constraints (SCCs), and RBAC policies in OpenShift.
Implement Zero Trust Architecture (ZTA) principles to secure access to OpenShift workloads.
Secure Software Development Integration:
Integrate static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) tools into the CI/CD pipeline.
Ensure container image scanning (e.g., using Red Hat Advanced Cluster Security, Anchore, or Trivy) to detect vulnerabilities in base images and application code.
Establish policies to prevent deployment of non-compliant or vulnerable images into production.
Identity & Access Management (IAM):
Configure RBAC and OAuth integrations within OpenShift to enforce least privilege access.
Ensure multi-factor authentication (MFA) and certificate-based authentication for CI/CD system access.
Enforce secrets management practices, using tools like HashiCorp Vault, Kubernetes Secrets in OpenShift, or AWS Secrets Manager.
Continuous Monitoring & Compliance:
Define and implement audit logging and security event monitoring (e.g., OpenShift Logging, SIEM integrations like Splunk, Elastic Security).
Enforce compliance automation using tools like OpenSCAP (including the OpenShift Compliance Operator, which runs OpenSCAP scans), kube-bench, or Ansible hardening playbooks.
Monitor Kubernetes network policies and service mesh security (e.g., Istio, OpenShift Service Mesh) to prevent unauthorized data flow.
Secure Infrastructure as Code (IaC):
Ensure Infrastructure as Code (IaC) templates (Terraform, Helm, Ansible) follow security best practices.
Apply GitOps security controls (e.g., Argo CD, Flux) to prevent unauthorized changes in CI/CD pipelines.
Validate Kubernetes Role-Based Access Control (RBAC) policies, network segmentation, and pod security settings (Pod Security Admission and SCCs) in the deployment stage.
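The RBAC validation described above is the kind of check that belongs in the deployment stage of the pipeline. The following script is an added illustration, not code from this posting or from CACI: it lints parsed Kubernetes/OpenShift RBAC manifests for wildcard grants, privilege-escalation verbs, cluster-wide reads of Secrets, and cluster-admin bindings to broad groups, and returns a pass/fail result a pipeline gate can act on. The manifests embedded in it are constructed samples, and the thresholds (which verbs and subjects count as dangerous) are this example's own assumptions.

```python
"""Lint Kubernetes/OpenShift RBAC manifests for least-privilege violations.

Added example (not from the job posting). Input is a list of manifests that
have already been parsed from YAML into dicts; the sample manifests below are
constructed for this illustration and do not come from any real cluster.
"""
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (severity, message)

# Assumed policy thresholds for this example.
BROAD_SUBJECTS = {"system:authenticated", "system:unauthenticated",
                  "system:serviceaccounts"}
ESCALATION_VERBS = {"bind", "escalate", "impersonate"}
READ_VERBS = {"get", "list", "watch"}

# Constructed sample manifests.
SAMPLE_MANIFESTS: List[Dict] = [
    {   # Over-privileged: wildcard apiGroups, resources and verbs
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
        "metadata": {"name": "ci-deployer"},
        "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    },
    {   # Scoped to what a deploy job actually needs
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role",
        "metadata": {"name": "app-deployer", "namespace": "payments"},
        "rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
                   "verbs": ["get", "list", "patch"]}],
    },
    {   # Binds cluster-admin to every authenticated user
        "apiVersion": "rbac.authorization.k8s.io/v1",
        "kind": "ClusterRoleBinding",
        "metadata": {"name": "everyone-admin"},
        "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                    "kind": "ClusterRole", "name": "cluster-admin"},
        "subjects": [{"kind": "Group", "name": "system:authenticated"}],
    },
    {   # Cluster-wide read access to Secrets
        "apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
        "metadata": {"name": "secret-reader"},
        "rules": [{"apiGroups": [""], "resources": ["secrets"],
                   "verbs": ["get", "list", "watch"]}],
    },
]


def _lint_rule(kind: str, name: str, rule: Dict) -> List[Finding]:
    out: List[Finding] = []
    verbs = set(rule.get("verbs", []))
    resources = set(rule.get("resources", []))
    groups = set(rule.get("apiGroups", []))
    if "*" in verbs and "*" in resources:
        out.append(("high", f"{kind}/{name}: wildcard verbs on wildcard "
                            "resources (cluster-admin equivalent)"))
    elif "*" in verbs or "*" in resources or "*" in groups:
        out.append(("medium", f"{kind}/{name}: wildcard in apiGroups, "
                              "resources or verbs"))
    if verbs & ESCALATION_VERBS:
        out.append(("high", f"{kind}/{name}: privilege-escalation verb(s) "
                            f"{sorted(verbs & ESCALATION_VERBS)}"))
    # Reading Secrets in a ClusterRole is cluster-wide; a namespaced Role is not.
    if kind == "ClusterRole" and "secrets" in resources and verbs & (READ_VERBS | {"*"}):
        out.append(("high", f"ClusterRole/{name}: cluster-wide read of Secrets"))
    return out


def _lint_binding(kind: str, name: str, manifest: Dict) -> List[Finding]:
    out: List[Finding] = []
    ref = manifest.get("roleRef", {})
    subjects = [s.get("name", "") for s in manifest.get("subjects", [])]
    if ref.get("kind") == "ClusterRole" and ref.get("name") == "cluster-admin":
        broad = sorted(set(subjects) & BROAD_SUBJECTS)
        if broad:
            out.append(("high", f"{kind}/{name}: cluster-admin bound to broad group(s) {broad}"))
        else:
            out.append(("medium", f"{kind}/{name}: cluster-admin bound to {subjects}"))
    return out


def lint_rbac(manifests: List[Dict]) -> List[Finding]:
    """Return all findings across Roles, ClusterRoles and their bindings."""
    findings: List[Finding] = []
    for m in manifests:
        kind = m.get("kind", "")
        name = m.get("metadata", {}).get("name", "<unnamed>")
        if kind in ("Role", "ClusterRole"):
            for rule in m.get("rules", []):
                findings.extend(_lint_rule(kind, name, rule))
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            findings.extend(_lint_binding(kind, name, m))
    return findings


def gate_passes(manifests: List[Dict]) -> bool:
    """Deployment-stage gate: fail the pipeline on any high-severity finding."""
    return not any(sev == "high" for sev, _ in lint_rbac(manifests))


if __name__ == "__main__":
    for sev, msg in lint_rbac(SAMPLE_MANIFESTS):
        print(f"[{sev.upper()}] {msg}")
    print("gate:", "PASS" if gate_passes(SAMPLE_MANIFESTS) else "FAIL")
```

In a real pipeline the manifests would be rendered first (for example from Helm or Kustomize output) and loaded with a YAML parser before being handed to `lint_rbac`; the gate then blocks promotion on high-severity findings, which is the enforcement point the deployment-stage validation above calls for.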
Incident Response & Risk Management:
Develop and test incident response playbooks for OpenShift security breaches, ensuring alignment with the organization’s Cyber Incident Response Plan (CIRP).
Implement automated threat detection and response mechanisms within the CI/CD pipeline (e.g., anomaly detection with AI/ML security analytics).
Conduct risk assessments on OpenShift cluster configurations and applications.
Qualifications:
Required:
Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field. Master’s degree preferred.
Minimum of [7] years of experience in information security, with a focus on secure software development and containerization.
Experience with OpenShift, Kubernetes, and CI/CD pipelines.
Proven experience in implementing security controls and compliance frameworks (e.g., NIST, CIS, DoD STIGs).
Strong understanding of security principles, practices, and architectures.
Proficiency in security tools and technologies (e.g., SAST, DAST, SCA, SIEM, IaC tools).
Excellent analytical and problem-solving skills.
Strong communication and collaboration skills.
Ability to work in a team environment and manage multiple tasks simultaneously.
________________________________________________________________________________________
What You Can Expect:
A culture of integrity.
At CACI, we place character and innovation at the center of everything we do. As a valued team member, you’ll be part of a high-performing group dedicated to our customer’s missions and driven by a higher purpose – to ensure the safety of our nation.
An environment of trust.
CACI values the unique contributions that every employee brings to our company and our customers - every day. You’ll have the autonomy to take the time you need through a unique flexible time off benefit and have access to robust learning resources to make your ambitions a reality.
A focus on continuous growth.
Together, we will advance our nation's most critical missions, build on our lengthy track record of business success, and find opportunities to break new ground — in your career and in our legacy.
Your potential is limitless. So is ours.
Learn more about CACI here.
________________________________________________________________________________________
Pay Range: There are a host of factors that can influence final salary including, but not limited to, geographic location, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, education, and certifications. Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives. We offer competitive compensation, benefits and learning and development opportunities. Our broad and competitive mix of benefits options is designed to support and protect employees and their families. At CACI, you will receive comprehensive benefits such as; healthcare, wellness, financial, retirement, family support, continuing education, and time off benefits. Learn more here.
The proposed salary range for this position is:
$103,800 - $218,100
CACI is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, age, national origin, disability, status as a protected veteran, or any other protected characteristic.