Program Security Specialist III

About Hunter Strategy

Hunter Strategy has a unique philosophy to technical project delivery. We treat all our customers like mission partners because they rely on our team to meet their objectives through complex software engineering, cloud operations, and cyber risk management solutions. Hunter Strategy was founded on the premise that IT is 21st century infrastructure - critically important but only instrumentally valuable. Accordingly, our teams look at problems with a single objective: the identification and enablement of the right capability to address the most vexing problems our Mission Partners face. We continue to support our partners' success by leveraging the right technology, with the right plan, and the right team to address tomorrow's challenges today.

The Program Security Specialist III supports the Host and Compute Center (HaC) and JWCC programs by delivering advanced cybersecurity engineering, RMF governance, and full-spectrum security management across cloud and containerized environments. This role embeds security into DevSecOps pipelines, implements Zero Trust-aligned controls, and ensures compliant system architectures. The specialist provides deep technical expertise in cloud security configurations, IAM/PAM governance, vulnerability detection, and secure platform engineering—including Kubernetes-based container orchestration, GitOps deployment models, and microservices security. 

In addition to engineering responsibilities, the Program Security Specialist leads and maintains RMF packages, evaluates and audits security controls, and drives continuous compliance across complex DoD systems. The role also supports real-time cybersecurity operations by detecting and responding to incidents, conducting investigations, and enforcing security policies and documentation standards. This position requires extensive experience with DoD cybersecurity frameworks, strong analytical and communication skills, and the ability to manage and mitigate security risks in mission-critical environments. 

Key Responsibilities:  

  Security Engineering & Management: 

• Embed security configurations into CI/CD pipelines (DevSecOps) within Azure Gov Cloud and AWS Gov Cloud 

• Strong knowledge of the DOD Cloud Computing Security Requirements Guide, NIST 800-171, 800-53, and Zero Trust Architecture 

• Implement and enforce modern Cloud security best practices for HC2 programs utilizing infrastructure as code 

• Configure and audit IAM and PAM implementations 

• Deploy and integrate active vulnerability scanning security controls and system integrity to detect vulnerabilities or threats. 

• Collaborate with technical teams to ensure the design of secure, compliant systems. 
   

Container and Platform Engineering 

• Deploy, manage, and secure container platforms such as Kubernetes (AKS/EKS) 

• Design scalable cluster architectures with proper segmentation and RBAC 

• Implement GitOps or pipeline-driven deployment strategies 

• Support microservices-based application architectures  

 Risk Management Framework (RMF): 

• Support DoD authorization and accreditation efforts for information systems. 

• Evaluate and assess security controls against compliance standards. 

• Develop and manage security risk processes to ensure ongoing system compliance. 

• Maintain accurate RMF documentation and track security risk mitigation actions. 

  Incident Response & Compliance: 

• Detect and monitor for cybersecurity breaches and initiate response actions. 

• Participate in security incident investigations and remediation efforts. 

• Develop and enforce security policies, procedures, and protocols. 

• Create and maintain security documentation to ensure continuous compliance. 

Qualifications:  

• Minimum of 8 years of experience in cybersecurity, with a focus on security engineering, RMF, and security management. 

• Proven experience supporting DoD programs and managing security requirements for complex systems. 

• Active IAT II+ (e.g., Security+ CE, GSEC, SSCP) or IAM II+ (e.g., CISSP, CISM) Certification. 

• Active DoD Top Secret / Top Secret with SCI Eligibility.  

Additional Requirements:  

• Expertise in RMF processes, security controls, and risk management. 

• Ability to develop, implement, and assess security policies and incident response procedures. 

• Strong problem-solving skills and the ability to communicate security risks effectively.