Position Summary
ERT is seeking a DevSecOps IT Security Engineer to support the Advanced Weather Interactive Processing System (AWIPS), a critical lifesaving enterprise system of the National Oceanic and Atmospheric Administration's (NOAA) National Weather Service (NWS).
The IT Security Engineer to embed with Agile teams supporting the migration and modernization of AWIPS (Advanced Weather Interactive Processing System) into a cloud-native, microservices-based enterprise platform.
The IT Security Engineer will ensure security is integrated into every stage of development and delivery by partnering with developers, system engineers, and product owners. This role will design, implement, and monitor security controls across cloud environments, pipelines, and applications to meet mission, compliance, and regulatory requirements.
Agile Team Support & DevSecOps
1. Embed with Agile teams to provide hands-on security engineering during feature and enabler development.
2. Automate security controls and testing in CI/CD pipelines (static code analysis, container scanning, IaC validation).
3. Collaborate with Product Owners to define security-related acceptance criteria.
Cloud & Application Security
4. Implement identity and access management (IAM), secrets management, and role-based access controls.
5. Ensure microservices follow secure communication practices (mTLS, API gateways, encryption in transit/at rest).
6. Work with Cloud Systems Engineers to enforce network segmentation, firewalls, and zero-trust designs.
Compliance & Risk Management
7. Implement security controls aligned with NIST, FedRAMP, and FISMA frameworks.
8. Support audits, security assessments, and Authority to Operate (ATO) processes.
9. Document and communicate security risks to program leadership and stakeholders.
Monitoring & Incident Response
10. Deploy and maintain cloud-native security monitoring tools (e.g., GuardDuty, Security Hub, Azure Defender, Chronicle).
11. Establish logging, alerting, and response workflows integrated with mission operations.
12. Assist in investigation and remediation of security incidents.
Continuous Improvement
13. Stay current with emerging security threats and best practices for cloud-native architectures.
14. Promote “shift-left” security and foster a culture of shared responsibility for cybersecurity across teams.
15. Contribute to Inspect & Adapt workshops by highlighting security gaps and solutions.
Required Skills
16. 5+ years of experience in IT security, cloud security, or DevSecOps engineering.
17. Strong knowledge of cloud platforms (AWS, Azure, GCP) and their native security services.
18. Hands-on experience with CI/CD pipeline security tooling (e.g., GitLab CI, Jenkins, SonarQube, Aqua, Snyk, Twistlock).
19. Familiarity with encryption standards, IAM, zero-trust, PKI, and container security.
20. Experience with compliance standards (NIST 800-53, FedRAMP, FISMA).
21. Excellent communication and collaboration skills to work directly with Agile teams.
22. Must be a US Citizen or Permanent Resident and be able to pass a background investigation to obtain a security badge to enter the applicable government facility.
Desired
23. Security certifications: CISSP, CCSP, AWS Security Specialty, or equivalent.
24. Experience supporting federal mission systems (NOAA, NWS, DoD, DHS).
25. Background in large-scale cloud migrations or data-intensive platforms.
26. Familiarity with SAFe or other scaled agile frameworks.
Education
Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).
Location
This position supports work at NOAA's Silver Spring and College Park, MD facilities.
Compensation
The salary range for this role is $66,000 - 242,000/year. This range is a good faith estimate based on similar roles across the organization. ERT uses several factors when extending an offer, including but not limited to, the position's scope and expected duties, a candidate’s work experience, education/training, and key skills.
Benefits
All full-time employees are eligible to participate in our flexible benefits package, which includes:
27. Medical, Rx, Dental, and Vision Insurance
28. 401(k) retirement plan with company-matching
29. 11 Paid Federal Government Holidays
30. Paid Time Off (PTO)
31. Basic Life & Supplemental Life
32. Health Savings Account, Flexible Spending and Dependent Care Flexible Spending Accounts
33. Short-Term & Long-Term Disability
34. Employee assistance program (EAP)
35. Tuition Reimbursement, Personal Development & Learning Opportunities
36. Skills Development & Certifications
37. Professional Membership Reimbursement
38. Employee Referral Program
39. Competitive compensation plan
40. Discretionary variable incentive bonuses based on factors such as individual performance, business unit performance, and/or the company’s performance
41. Publication and Conference Presentation Awards with bonuses
ERT is a VEVRAA Federal Contractor and Equal Opportunity employer - All qualified applicants will be considered for employment without regard to race, color, religion, sex, national origin, disability, or protected Veteran status.