Cybersecurity Engineer
Apex Systems, Radford, VA, United States
This position is for a
Cybersecurity Engineer
supporting a
Department of Defense (DoD) program
operating a largescale, containerized, Kubernetesbased, multitenant hosting environment used for enterprise and distributed applications across multiple global sites. The environment leverages Kubernetes and potentially Red Hat OpenShift to deliver cloudnative, softwaredefined infrastructure and managed services.
Because this role supports a sensitive, missioncritical DoD ecosystem.
Candidate must be capable of acquiring/maintaining an active DoD clearance for employment.
Position Duties
Deploy, configure, and manage cybersecurity tools designed for Kubernetes environments, including vulnerability scanners, runtime security platforms, and compliance frameworks.
Administer and maintain Kubernetesnative security tools such as ACA S (Nessus), AESS (endpoint security tools), KubeBench, KubeHunter, and Falco to ensure cluster security and compliance.
Implement and monitor rolebased access control (RBAC) and Pod Security Standards (PSS) to enforce least privilege and workload isolation.
Harden Kubernetes clusters and containerized workloads using industry best practices and applicable DoD security requirements.
Perform regular container image scanning using Trivy, Clair, Anchore, or similar tools to identify vulnerabilities.
Conduct Infrastructure as Code (IaC) scanning for Kubernetes manifests, Helm charts, and Terraform scripts using Checkov, KubeLinter, Polaris, or similar tools.
Ensure compliance with DoD cybersecurity frameworks, including assessments conducted with tools like KubeBench or OpenSCAP.
Deploy, configure, and administer SIEM platforms such as Splunk or Elasticsearch to monitor Kubernetes and container workloads.
Develop and integrate SIEM rules, queries, and dashboards for realtime detection and analysis of security incidents.
Monitor runtime security using tools such as Falco, Sysdig Secure, or Aqua Security to detect anomalous container and cluster behavior.
Collaborate with the cybersecurity incident response team to investigate and remediate security events.
Integrate security tools into CI/CD pipelines to automate scanning for code, images, and IaC configurations.
Work with DevOps teams to implement security gates ensuring only compliant workloads are deployed.
Automate routine administrative tasks using Ansible, Terraform, Python, Bash, or similar tools.
Collaborate with developers, Kubernetes administrators, and external cybersecurity teams to ensure security requirements and controls are met.
Review and respond to Cyber Tasking Orders (CTOs) and ensure timely implementation of required changes.
Maintain documentation for security configurations, processes, and operational workflows.
Provide reports on Kubernetes security posture, including vulnerability trends, compliance findings, and remediation status.
Assess threats and vulnerabilities across all computing assets and develop detection logic and risk indicators.
Ensure all systems report required logs to the SIEM, coordinating troubleshooting for nonreporting assets.
Review proposed SIEM configuration changes to ensure no negative security impact.
Coordinate regularly with cybersecurity service providers and system security officers.
Required Skills
Expertise in securing Kubernetes clusters and containerized workloads.
Handson experience with Kubernetesnative security tools (KubeBench, KubeHunter, Falco, etc.).
Proficiency with container image scanning tools such as Trivy, Clair, Anchore, and with VM scanning tools like ACAS/AESS.
Knowledge of IaC scanning tools (Checkov, Polaris, KubeLinter).
Experience with runtime security platforms (Falco, Sysdig Secure, Aqua Security).
Familiarity with DevSecOps frameworks and integrating security into CI/CD pipelines.
Experience implementing and monitoring Kubernetes RBAC, Pod Security Standards, and network policies.
Understanding of security/compliance frameworks such as CIS Benchmarks, NIST 80053, PCI DSS.
Experience implementing, tuning, and monitoring SIEM platforms (Splunk, Elasticsearch).
Strong understanding of cyber threat patterns, indicators of compromise (IOCs), and detection strategies.
Proficiency in automation using Ansible, Terraform, Python, Bash, or similar tools.
Desired Skills
Working knowledge of DoD STIGs and IA Vulnerability Management (IAVM).
Basic understanding of DoD Risk Management Framework (RMF) Assessment & Authorization.
Required Certifications
Meets DoD 8140 Cybersecurity baseline for ISSMrelated roles (e.g., Security+ CE).
Must obtain (within 6 months of hire) a relevant computing environment certification such as:
Certified Kubernetes Security Specialist (CKS)
Certified Kubernetes Administrator (CKA)
Red Hat Certified Specialist in OpenShift Administration
Cloud Native Security Certification (CNSC)
GIAC Kubernetes and Cloud Security (GCKS)
AWS Certified Security - Specialty
Microsoft Azure Security Engineer Associate
Or other relevant security/cloud/Kubernetes certification
Clearance Requirement
Active DoD clearance is required.
Position Location
Remote - occasional travel as needed
Education
Bachelor's degree or higher in an ITrelated field.
Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico. Everforth Apex uses a virtual recruiter as part of the application process. Click here for more details.
Everforth Apex Benefits Overview:
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.
Cybersecurity Engineer
supporting a
Department of Defense (DoD) program
operating a largescale, containerized, Kubernetesbased, multitenant hosting environment used for enterprise and distributed applications across multiple global sites. The environment leverages Kubernetes and potentially Red Hat OpenShift to deliver cloudnative, softwaredefined infrastructure and managed services.
Because this role supports a sensitive, missioncritical DoD ecosystem.
Candidate must be capable of acquiring/maintaining an active DoD clearance for employment.
Position Duties
Deploy, configure, and manage cybersecurity tools designed for Kubernetes environments, including vulnerability scanners, runtime security platforms, and compliance frameworks.
Administer and maintain Kubernetesnative security tools such as ACA S (Nessus), AESS (endpoint security tools), KubeBench, KubeHunter, and Falco to ensure cluster security and compliance.
Implement and monitor rolebased access control (RBAC) and Pod Security Standards (PSS) to enforce least privilege and workload isolation.
Harden Kubernetes clusters and containerized workloads using industry best practices and applicable DoD security requirements.
Perform regular container image scanning using Trivy, Clair, Anchore, or similar tools to identify vulnerabilities.
Conduct Infrastructure as Code (IaC) scanning for Kubernetes manifests, Helm charts, and Terraform scripts using Checkov, KubeLinter, Polaris, or similar tools.
Ensure compliance with DoD cybersecurity frameworks, including assessments conducted with tools like KubeBench or OpenSCAP.
Deploy, configure, and administer SIEM platforms such as Splunk or Elasticsearch to monitor Kubernetes and container workloads.
Develop and integrate SIEM rules, queries, and dashboards for realtime detection and analysis of security incidents.
Monitor runtime security using tools such as Falco, Sysdig Secure, or Aqua Security to detect anomalous container and cluster behavior.
Collaborate with the cybersecurity incident response team to investigate and remediate security events.
Integrate security tools into CI/CD pipelines to automate scanning for code, images, and IaC configurations.
Work with DevOps teams to implement security gates ensuring only compliant workloads are deployed.
Automate routine administrative tasks using Ansible, Terraform, Python, Bash, or similar tools.
Collaborate with developers, Kubernetes administrators, and external cybersecurity teams to ensure security requirements and controls are met.
Review and respond to Cyber Tasking Orders (CTOs) and ensure timely implementation of required changes.
Maintain documentation for security configurations, processes, and operational workflows.
Provide reports on Kubernetes security posture, including vulnerability trends, compliance findings, and remediation status.
Assess threats and vulnerabilities across all computing assets and develop detection logic and risk indicators.
Ensure all systems report required logs to the SIEM, coordinating troubleshooting for nonreporting assets.
Review proposed SIEM configuration changes to ensure no negative security impact.
Coordinate regularly with cybersecurity service providers and system security officers.
Required Skills
Expertise in securing Kubernetes clusters and containerized workloads.
Handson experience with Kubernetesnative security tools (KubeBench, KubeHunter, Falco, etc.).
Proficiency with container image scanning tools such as Trivy, Clair, Anchore, and with VM scanning tools like ACAS/AESS.
Knowledge of IaC scanning tools (Checkov, Polaris, KubeLinter).
Experience with runtime security platforms (Falco, Sysdig Secure, Aqua Security).
Familiarity with DevSecOps frameworks and integrating security into CI/CD pipelines.
Experience implementing and monitoring Kubernetes RBAC, Pod Security Standards, and network policies.
Understanding of security/compliance frameworks such as CIS Benchmarks, NIST 80053, PCI DSS.
Experience implementing, tuning, and monitoring SIEM platforms (Splunk, Elasticsearch).
Strong understanding of cyber threat patterns, indicators of compromise (IOCs), and detection strategies.
Proficiency in automation using Ansible, Terraform, Python, Bash, or similar tools.
Desired Skills
Working knowledge of DoD STIGs and IA Vulnerability Management (IAVM).
Basic understanding of DoD Risk Management Framework (RMF) Assessment & Authorization.
Required Certifications
Meets DoD 8140 Cybersecurity baseline for ISSMrelated roles (e.g., Security+ CE).
Must obtain (within 6 months of hire) a relevant computing environment certification such as:
Certified Kubernetes Security Specialist (CKS)
Certified Kubernetes Administrator (CKA)
Red Hat Certified Specialist in OpenShift Administration
Cloud Native Security Certification (CNSC)
GIAC Kubernetes and Cloud Security (GCKS)
AWS Certified Security - Specialty
Microsoft Azure Security Engineer Associate
Or other relevant security/cloud/Kubernetes certification
Clearance Requirement
Active DoD clearance is required.
Position Location
Remote - occasional travel as needed
Education
Bachelor's degree or higher in an ITrelated field.
Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico. Everforth Apex uses a virtual recruiter as part of the application process. Click here for more details.
Everforth Apex Benefits Overview:
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.