Secure Infrastructure Engineer

Dark Wolf is seeking a Secure Infrastructure Engineer to join our team. This engineer will be responsible for designing, hardening, and automating the deployment of secure baseline images for a major medical technology client. The ideal candidate will have deep expertise in Windows operating systems and database hardening, specifically aligning with STIGs. You will work within a surgical engineering team to define and build "Gold Images" that balance strict federal compliance with operational functionality. This position will call for support at a main DW office location at a hybrid capacity. Tasks may include assisting with:

• Designing and creating hardened "Gold Images" for core technologies including Windows Server 2025, Windows 11, and MS SQL.
• Automating the application of DISA STIGs and CIS Benchmarks using PowerShell, Ansible, or similar scripting tools.
• Integrating secure baselines into a centralized artifact repository for consumption by product teams.
• Developing and maintaining documentation for security policies, configuration changes, and exception handling.
• Collaborating with offensive security teams to validate image resilience against vulnerabilities.
• Analyzing vulnerability scan results (from tools like Nessus or proprietary pipelines) and remediating configuration drift.
• Deploying and maintaining a centralized artifact repository on cloud-native architecture (AWS/Azure).
• Building and maintaining CI/CD pipelines to automate the ingestion, scanning, and publishing of secure container images.
• Integrating low-CVE base images (e.g., via Chainguard) into the development supply chain.
• Implementing and managing automated compliance scanning tools (SAST/DAST/Fuzzing) within the build pipeline.

• Bachelor’s degree in IT Security, Information Systems, or equivalent
• Minimum of 4 years of experience in Systems Engineering, Infrastructure Operations, or working with commercial cloud providers (AWS, Azure, or GCP)
• Deep expertise in Windows Server and Desktop administration and configuration
• Proven experience applying and managing DoD DISA STIGs or CIS Benchmarks in an enterprise environment
• Extensive experience with Containerization (Docker, Kubernetes) and Container Security
• Strong proficiency in scripting and automation (PowerShell, Python, Ansible, or Terraform) to enforce security configurations
• Solid problem-solving skills and the ability to troubleshoot complex application failures caused by security hardening
• US Citizenship and ability to be clearable up to the Top Secret clearance with SCI eligibility

Desired Qualifications:

• Experience working in the healthcare industry or with medical device software
• Experience with Platform One, Iron Bank, or similar DoD software factories
• Understanding of the Risk Management Framework (RMF) and accreditation processes
• Experience hardening PostgreSQL or other relational databases
• Experience with automated compliance scanning tools and proprietary fuzzing or scanning pipelines
• Industry certifications, such as AWS Certified Solutions Architect, Security , or MCSE.

This position will be supported at a hybrid capacity at any of the following DW Office locations: Herndon, VA, Omaha, NE, Colorado Springs, CO, Tampa, FL.