View Our Website View All Jobs

Security DevOps Engineer

Security DevOps Engineer

Crystal City, VA

Must be U.S. Citizen

Position Overview

This role will also participate in efforts that will result in the integration of application security and/or information security requirements, controls, and processes into the Software Development Life Cycle (SDLC) or Project Life Cycle. This position will also participate in feature development, technical risk assessments, exposure assessments and recommendations for remediation of vulnerabilities or other risks.

 Responsibilities

  • Utilize software tools to scan applications for vulnerabilities
  • Categorize and report on documented vulnerabilities
  • Perform manual vulnerabilities assessments on web applications
  • Perform assessments in various cloud and on-premise environments
  • Provide security engineering expertise to application teams to enhance security posture.
  • Develop secure application architectural designs design
  • Ensure applications and infrastructure meet standards for security as defined by CIS and FIPS.
  • Utilize publicly available Common Vulnerabilities and Exposures (CVE) to analyze and probe system weaknesses.
  • Demonstrate proficiency in security architectures in large datacenter environment – DNS/DHCP, Load Balancing (F5 Networks, AWS ELB & ALB), Firewalls (Cisco, Palo Alto, Fortinet, & Juniper Networks), IDS/IPS, IPSEC VPN)
  • Ensure that all solutions follow security, compliance controls, and conformance to firm’s IT security standards.
  • Provide concise reports to management and security teams regarding vulnerability assessments.

 Supported Technologies

  • AWS Windows Server RHEL/CentOS 5+
  • Java/Python/C# Ansible SAML
  • Various Networking Tools Github Deployment tools (Chef, Jenkins, Puppet)

 Skills and Qualifications

  • OSCP/OSCE Highly Preferred
  • Proven hands-on Security Engineering experience dealing with Network engineering as well as Software Engineering.
  • Basic manual assessment / Penetration testing skills
  • Solid understanding of the OSI or TCP/IP model
  • Strong experience with cloud software design patterns (microservices, messaging, distributed caching, container security, etc.)
  • Developer background, 5 years of experience with programming in at least one common object-oriented language (Java, C#, C, Python, Ruby etc.)
  • Experience with continuous integration concepts and tools, such as Bamboo, Jenkins, Microsoft TFS, TeamCity, etc.
  • Knowledge of Risk Controls framework, and Audit procedures (27000/1/2, NIST 80053/171, SOC2, DFARS, Privacy Shield, etc.)
  • Ability to script in multiple operating systems, Linux (BASH), Windows (Powershell)

 

Read More

Apply for this position

Required*
Apply with Indeed
Attach resume as .pdf, .doc, or .docx (limit 2MB) or Paste resume

Paste your resume here or Attach resume file

150
To comply with government Equal Employment Opportunity / Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.
Gender
Race/Ethnicity
Veteran/Disability status