12 Aug
Cloud Engineer
Vacancy expired!
- The Contractor shall have a demonstrable ability to conduct proof-of-concept, proof-of- principle, pilot, or prototype testing in cloud-based environments; to include Amazon Web Services, Azure, and Google, at a minimum.
- The Contractor shall have a demonstrable capability to develop software code in multiple, cloud-relevant programming languages. The contractor shall submit a list of cloud-relevant programming languages as part of their response.
- The Contractor shall provide the deliverables associated with this SOW to include overseeing and tracking the implementation of new technologies and methodologies throughout the Department.
- The Contractor shall have strong technical capability to provide management of Zero Trust (ZT) Architecture, Policies, user-AUTH, Dual/Multi-Factor Authentication and other supporting key factors and dependencies.
- The Contractor shall demonstrate strong expertise in development within Cloud Environments (AWS, Azure, Google at a minimum), deployment of cloud applications in Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) environments, new or emerging technologies (ex. Software Defined – Wide Area Network (SD-WAN), Artificial Intelligence, Internet of Things (IoT), data warehousing, etc.), integration into existing services (ex. Public Key Infrastructure (PKI), Identity, Credential, and Access Management (ICAM), Internetwork Security, etc.), Cloud-based Network and Application Management, Cloud-based Performance and Scalability, and considering Service Level Agreement impacts are key to the success of the program.
- The Contractor shall conduct proof-of-concept, proof-of-principle, pilot, prototype testing in DHS-designated data center or cloud-environments, or other third-party environments if no sensitive information is involved.
- The Contractor shall utilize DHS change and release management, or other DHS change control processes.
- The Contractor shall utilize DHS security policy and guidance for the conduct of all activities (ex. DHS 4300A/B/C).
- The Contractor shall maintain the Quality Assurance Surveillance Plan (QASP), service level, and performance metrics.
- The Contractor shall have the technical expertise to effectively analyze or develop configurations in cloud-based programming languages, such as YAML, Python, JSON, and other standard cloud language sets.
- Cloud SMEs shall have a minimum of nine (9) years technical work experience, with two years’ minimum in the technical SME specialty, that demonstrates:
- The skill and ability to research, propose, test, implement, and deploy new technologies and methodologies to solve difficult problems and issues;
- A solid foundation in performing hands-on proof-of-concept, proof-of-principal, pilot, or prototyping new technologies or methodologies in lab environments.
- Hands-on experience integrating new technologies or methodologies into existing security technologies applicable towards Zero-Trust, Public Key Infrastructure / Public Key Encryption (PKI/PKE), Identity and Credential Access Management (ICAM), and Internet working (both cloud-based and non-cloud-based) to include IPv6 security;
- SMEs shall be familiar with the Zero Trust (ZT) Maturity Model, ZT Concepts for Federal Government Architectures, Supply Chain Risk Management (SCRM) concerns (as defined by Cybersecurity and Infrastructure Security Agency (CISA), Intelligence Community, National Institute of Standards and Technology (NIST), Department of Defense, and/or Department of Justice), and current ZT guidance applicable towards the Federal Government. Specific technical experience at an expert level of qualification in one or more of the following ZT technology areas:
- Identity, Credentialling, System Integration, and Identity Management (ICAM/IdM) Subject Matter Expertise in tying (a) data to data sensitivity, (b) users to identity vetting, and (c) identity vetting to data sensitivity. This includes both PKI-based Personnel Entities (PE's) and Non-Personnel Entities (NPE's) for multiple cloud environments (ex. AWS, Azure, Google, etc.) and cloud-to-cloud encrypted interconnections. This includes separated authentication and authorization systems, without or with limited identity vetting for limited access scenarios (ex. xiid);
- Asset and Inventory Management (AIM)\System Integration Subject Matter Expertise with experience integrating and interfacing Continuous Diagnostics and Mitigation (CDM) platforms;
- Security Monitoring Subject Matter Expertise in the ability to design and provide configuration templates for large-scale implementation of Command Line Session Logs (ex. sudoreplay), Container Logs (ex. kubectl logs), Kernel Sandboxing / Unikernel (ex. eBPF, Nemesis, Exokernel) violations, inter-cloud tracking mechanisms (ex. Cloud Tagging / tag key's for cloud-to-cloud authentication interconnections), sessions between containers and users (ex. Ingress on Kubernetes), and Mutual Transport Layer Security (mTLS) Reverse Proxy Client or Session-Based list (ex. Nginx, Blackridge IP cloak);
- CloudandNetworkEngineeringSubjectMatterExpertisewithasolidfoundation in cloud technologies (such as AWS, Azure, Google, Salesforce, etc.). Examples of relevant skills include integrating and encrypting in-transit between large-scale Cloud and non-Cloud-based email interfaces and head-ends.
Vacancy expired!