Tantus, a Sikich Subsidiary, is seeking a Security Engineer to join their team. The role involves configuring, optimizing, and maintaining AWS WAF policies and security tooling, while ensuring compliance with security standards and best practices in cloud environments.
Responsibilities:
- Configure, tune, and document AWS WAF policies for in-scope applications in CMS OIT Hybrid AWS and QualityNet AWS per CMS change control procedures
- Coordinate with ADOs and platform teams on WAF and security tooling optimizations
- Support detection triage using CMS-approved tools (Security Hub, GuardDuty, Inspector) including rule tuning, configuration controls, and vulnerability management handoffs
- Provide security engineering support during CMS business hours and ad-hoc after-hours support for critical incidents upon Government request
- Document and maintain records of all WAF and security tooling changes for CMS oversight and audit readiness
- Implement and validate defense-in-depth controls against CMS policy and approved benchmarks (CIS, NIST, cloud vendor best practices)
- Record gaps, risks, and remediation actions in CMS-approved tracking tools; support posture dashboards
- Validate logging, monitoring, and detection coverage — including log source onboarding, alert configurations, and detection use cases
- Automate CI/CD pipeline security checks and embed DevSecOps best practices
- Support cloud migration security from QualityNet AWS to CMS OIT Hybrid AWS, including defining migration security tasks and validating control continuity
- Attend PI Planning events; contribute security user stories, acceptance criteria, and dependency identification
- Apply MITRE ATT&CK and Cyber Kill Chain frameworks to threat-informed detection and response
Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, IT, or related field
- 7+ years of cybersecurity engineering or cloud security experience in a federal IT environment
- Hands-on expertise with AWS security services: WAF, Security Hub, GuardDuty, Inspector, IAM
- Experience with FISMA compliance, NIST 800-53 controls, and ATO documentation
- Proficiency with vulnerability scanning tools (Tenable, Nessus); familiarity with POA&M tracking
- Servant Leader – You are hyper-focused on engaging employees, fostering their development, and building a positive culture
- Solutions Focused – You see opportunities in every business problem and can develop, articulate, and implement solutions
- Collaboration – You are a relationship builder across all levels of the organization and across all business units
- Instills Trust – You do what you say and follow through on commitments; you act with integrity, are consistent, and are perceived as credible
- Impact & Influence Thinking – You gain support for ideas, proposals, and solutions, and get others to act, with or without formal authority, to advance initiatives/objectives