Quzara LLC

Manage vulnerability scanning, penetration testing tools, and compliance documentation for federal environments. | Experience with vulnerability management, penetration testing, FedRAMP, NIST 800-53, and security tools. | Job Title: Vulnerability Management Engineer (FedRAMP & Pen Test Support) Pay Type: SALARIED EXEMPT  Location: Remote Citizenship Requirement: U.S. Citizen (Required) Summary of Position Role/Responsibilities The Vulnerability Management Engineer (FedRAMP & Pen Test Support) is responsible for delivering and scaling Quzara’s Authorized Vulnerability Management Services while providing technical enablement for high-impact penetration testing efforts supporting federal and regulated customers. This role owns the end-to-end vulnerability management lifecycle, including scanner configuration, continuous monitoring execution, remediation coordination, and tool maintenance. The position requires hands-on expertise with enterprise vulnerability scanning platforms and penetration testing toolchains, as well as a deep understanding of FedRAMP Continuous Monitoring (ConMon) and NIST 800-53 requirements. The ideal candidate is a practitioner who can operate independently in regulated environments, maintain audit-ready tooling, and translate scan output into actionable remediation guidance. Essential Functions of the Job * Install, configure, maintain, and patch penetration testing toolsets (e.g., Burp Suite Pro, Metasploit, Kali Linux) for use in federal and regulated engagements. * Execute and manage monthly FedRAMP Continuous Monitoring (ConMon) activities, including vulnerability scanning, deviation analysis, and POA&M generation. * Configure, optimize, and maintain Tenable.io / Nessus scanners and web application scanning (WAS) tools to ensure accurate and comprehensive asset coverage. * Own the health, licensing, patching, and lifecycle management of all vulnerability management and penetration testing tools to ensure continuous audit readiness. * Analyze scan results and collaborate with Site Reliability Engineers (SREs), infrastructure teams, and application owners to drive timely remediation. * Interpret vulnerability data across Windows, Linux, database, container, and web application assets and provide remediation guidance aligned with federal baselines. * Support penetration testing preparation and execution by ensuring testing environments, tools, and configurations are compliant and operational. * Provide vulnerability evidence, scan reports, and remediation documentation to support FedRAMP, FISMA, and third-party assessment activities. * Continuously improve vulnerability management processes, scan coverage, and reporting accuracy across Quzara environments.. Marginal Functions of the Job * Other duties as assigned Normal Work Schedule This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job. Education, Training, and Experience * 4+ years of experience in Vulnerability Management or Penetration Testing support within FedRAMP or Federal environments. * Expert-level proficiency with Tenable.io / Nessus, including scanner deployment, policy tuning, and result interpretation. * Hands-on experience maintaining and operating penetration testing platforms (e.g., Kali Linux, Burp Suite, Metasploit). * Strong working knowledge of NIST SP 800-53 control requirements and FedRAMP Continuous Monitoring processes. * Experience translating vulnerability findings into POA&Ms, remediation plans, and audit-ready documentation. * Ability to collaborate cross-functionally with infrastructure, SRE, DevSecOps, and compliance teams. * Must be a U.S. Citizen and eligible to support federal contracting environments. Preferred Certifications * Tenable Certified Nessus Expert * One or more of the following: * Certified Ethical Hacker (CEH) * CompTIA PenTest+ * Certified Information Systems Security Professional (CISSP).   EEO Statement The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.

Manage secure CI/CD pipelines, implement shift-left security practices, and collaborate with security and engineering teams to ensure compliance and security in cloud-native environments. | Experience in DevSecOps or Security Engineering, managing CI/CD pipelines in cloud environments, deploying containerized workloads securely, and integrating security tooling into DevOps pipelines. | Job Title: DevSecOps Engineer (Detection & Pipeline Security) Pay Type: SALARIED EXEMPT  Location: Remote Citizenship Requirement: U.S. Citizen (Required) Summary of Position Role/Responsibilities The DevSecOps Engineer (Detection & Pipeline Security) plays a pivotal role at the crossroads of DevOps, Security Engineering, and Threat Detection. This position is responsible for managing secure CI/CD pipelines across high-compliance environments and ensuring detection logic is deployed and maintained with the same rigor as application code. This engineer will own the secure release management of Quzara’s Authorized Platforms while operationalizing “Shift Left” principles—integrating security scanning, container validation, and detections into early stages of the development lifecycle. The ideal candidate is deeply technical, thrives in high-security environments, and collaborates closely with both engineering and SOC teams. Essential Functions of the Job * Manage the Detections as Code (DaC) lifecycle for threat detection logic using KQL or Sigma formats, implementing version control (Git) and automated deployment pipelines. * Harden and maintain Azure DevOps (ADO) pipelines, agents, and related CI/CD workflows for both software and detection releases in high-compliance environments. * Administer and secure the Azure Container Registry (ACR), ensuring containers are scanned, patched, and aligned to STIG compliance prior to production deployment. * Implement Shift Left security techniques by integrating SAST, DAST, and compliance scans directly into build pipelines to identify vulnerabilities early. * Partner with the Threat Intelligence and SOC teams to automate deployment of detection content, hunting queries, and analytics into Microsoft Sentinel and related tools. * Build and maintain secure CI/CD templates, YAML pipelines, and secrets management for infrastructure, detection logic, and application components. * Provide audit evidence and documentation to support FedRAMP, FISMA, and CMMC continuous monitoring efforts. * Stay current with container, cloud, and CI/CD security innovations and implement them in real-time across production systems. Marginal Functions of the Job * Other duties as assigned Normal Work Schedule This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job. Education, Training, and Experience * Prior experience in a DevSecOps or Security Engineering role is required (Candidates must have both DevOps experience and security background) * 3–5+ years’ experience managing CI/CD pipelines within cloud-native environments (Azure DevOps strongly preferred). * Hands-on experience deploying and managing containerized workloads (Docker, Kubernetes) in a secure and scalable way. * Advanced knowledge of Azure DevOps, Azure Kubernetes Service (AKS), Azure Container Registry, and Microsoft Sentinel/KQL. * Demonstrated experience integrating security tooling into DevOps pipelines (SAST/DAST, policy-as-code, IaC validation, etc.). * Strong familiarity with compliance frameworks such as FedRAMP, CMMC, or FISMA, and their technical enforcement in the SDLC. Preferred Certifications * Microsoft Certified: DevOps Engineer Expert (AZ-400) * Microsoft Certified: Azure Security Engineer Associate (AZ-500) * Additional certifications such as SC-200 (Security Operations Analyst) or Kubernetes Security Specialist (CKS) are a plus. EEO Statement The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.

Designing and maintaining secure, scalable cloud infrastructure supporting enterprise applications. | Extensive experience in cloud infrastructure, automation, and federal compliance standards, with specific knowledge of Azure Government and related security frameworks. | Job Title: Site Reliability Engineer (Azure Government & Infrastructure) Pay Type: SALARIED EXEMPT  Location: Remote Citizenship Requirement: U.S. Citizen (Required) Summary of Position Role/Responsibilities The Site Reliability Engineer (SRE) for Azure Government & Infrastructure plays a critical role in ensuring the resilience, security, and scalability of the cloud environments supporting Quzara’s Cybertorch™ platform and customer services. The role is specifically tailored to federal compliance-driven operations and requires deep knowledge of Azure Government infrastructure, high-availability architectures, and automation for security enforcement. This position focuses on sustainable infrastructure engineering—designing systems that are not only secure and performant but also auditable and repeatable. From zero-trust networking to patch automation and disaster recovery, the SRE will enable infrastructure to withstand demanding FedRAMP High and DoD IL5 compliance audits, while ensuring service uptime and cost optimization. Essential Functions of the Job * Design and secure Azure Government networking architecture, including management of NSGs, Azure Firewall, VNETs, and segmented subnets to support zero-trust policies. * Develop automated patching pipelines using Azure Automation, Terraform, or Ansible to ensure system-wide compliance with STIG and other federal standards. * Implement and maintain Disaster Recovery (DR) and high availability (HA) strategies, including Azure Site Recovery, for all infrastructure underpinning Cybertorch™ MDR services. * Maintain Azure Virtual Desktop (AVD) infrastructure for secure remote access, including session host management, scaling policies, and user access control. * Manage and rotate SSL/TLS certificates for internet-facing assets in coordination with security operations and DevSecOps teams. * Proactively monitor and optimize infrastructure performance, cost, and security posture using Azure Monitor, Log Analytics, and cost governance tools. * Collaborate closely with Security Engineers, Compliance Advisors, and SOC staff to ensure that infrastructure is aligned with technical controls across FedRAMP, FISMA, and CMMC frameworks. * Provide infrastructure input and evidence for audits, documentation packages, and continuous monitoring activities. Marginal Functions of the Job * Other duties as assigned   Normal Work Schedule This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job. Education, Training, and Experience * Minimum 4+ years of experience in Site Reliability Engineering, Cloud Infrastructure Engineering, or Systems Engineering roles supporting federal or highly regulated environments. * Expert knowledge and hands-on experience in Microsoft Azure Government, including Azure Networking, Azure Monitor, Azure Automation, and Azure Policy. * Proficiency with Infrastructure as Code (IaC) using Terraform, Bicep, or Ansible in version-controlled, team-based environments. * Experience building automated security compliance workflows, including patching pipelines and STIG enforcement. * Strong understanding of FedRAMP, FISMA, or DoD IL4/IL5 requirements in relation to infrastructure controls and audit evidence. * Familiarity with backup, disaster recovery, and business continuity planning (BCP) in cloud environments. Preferred Certifications * Microsoft Certified: Azure Administrator Associate (AZ-104) * Microsoft Certified: Azure Security Engineer Associate (AZ-500) * Additional certifications such as AZ-305, SC-100, or Terraform Associate are a plus. EEO Statement The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.

Configuring and deploying threat detection and automation capabilities in secure, compliant cloud environments, managing CI/CD pipelines, and supporting security audits. | Experience in DevSecOps or security engineering, managing CI/CD pipelines in cloud environments, deploying containerized workloads, and familiarity with compliance frameworks like FedRAMP, FISMA, or CMMC. | Job Title: Customer Onboarding Engineer (MDR & Compliance) Pay Type: SALARIED EXEMPT  Location: Remote Citizenship Requirement: U.S. Citizen (Required) Summary of Position Role/Responsibilities The Customer Onboarding Engineer (MDR & Compliance) plays a critical role in bridging Business Operations and Security Operations to ensure secure, compliant, and frictionless integration of customers into the Quzara Cybertorch™ MDR platform. This position is responsible for the technical configuration and deployment of logging, threat detection, and automation capabilities for customers operating in regulated federal environments, including civilian and DoD agencies. The ideal candidate has a background in security engineering and SOC technologies and can operate independently in configuring Microsoft Defender XDR, Sentinel, and compliance platforms like Microsoft Purview. This is a hands-on engineering role with direct customer-facing responsibilities during onboarding. Essential Functions of the Job * Manage the Detections as Code (DaC) lifecycle for threat detection logic using KQL or Sigma formats, implementing version control (Git) and automated deployment pipelines. * Harden and maintain Azure DevOps (ADO) pipelines, agents, and related CI/CD workflows for both software and detection releases in high-compliance environments. * Administer and secure the Azure Container Registry (ACR), ensuring containers are scanned, patched, and aligned to STIG compliance prior to production deployment. * Implement Shift Left security techniques by integrating SAST, DAST, and compliance scans directly into build pipelines to identify vulnerabilities early. * Partner with the Threat Intelligence and SOC teams to automate deployment of detection content, hunting queries, and analytics into Microsoft Sentinel and related tools. * Build and maintain secure CI/CD templates, YAML pipelines, and secrets management for infrastructure, detection logic, and application components. * Provide audit evidence and documentation to support FedRAMP, FISMA, and CMMC continuous monitoring efforts. * Stay current with container, cloud, and CI/CD security innovations and implement them in real-time across production systems. Marginal Functions of the Job * Other duties as assigned Normal Work Schedule This is a full-time position. Standard business hours are Monday through Friday 8:30 AM to 5:30 PM. Additional time outside of these hours may be needed to complete the essential functions of the job. Education, Training, and Experience * Prior experience in a DevSecOps or Security Engineering role is required (Candidates must have both DevOps experience and security background) * 3–5+ years managing CI/CD pipelines within cloud-native environments (Azure DevOps strongly preferred). * Hands-on experience deploying and managing containerized workloads (Docker, Kubernetes) in a secure and scalable way * Advanced knowledge of Azure DevOps, Azure Kubernetes Service (AKS), Azure Container Registry, and Microsoft Sentinel/KQL. * Demonstrated experience integrating security tooling into DevOps pipelines (SAST/DAST, policy-as-code, IaC validation, etc.). * Strong familiarity with compliance frameworks such as FedRAMP, CMMC, or FISMA, and their technical enforcement in the SDLC. Preferred Certifications * Microsoft Certified: DevOps Engineer Expert (AZ-400) * Microsoft Certified: Azure Security Engineer Associate (AZ-500) * Additional certifications such as SC-200 (Security Operations Analyst) or Kubernetes Security Specialist (CKS) are a plus. EEO Statement The Company is an Equal Employment Opportunity (EEO) employer and does not discriminate based on race, color, religion, sex, sexual orientation, national origin, age, marital status, disability, veteran's status, or any other basis protected by applicable discrimination laws.