Position :: DevSecOps Security Engineer
Remote
1 year Contract
The DevSecOps Security Engineer will support dynamic and static analysis (DAST and SAST) of code for multiple applications using Fortify and work across technical teams to suport the remediation of findings. The DevSecOps Security Engineer will support a large team of infrastucutre, security and application team during migration of on-prem and cloud applications to the client Azure Government enclave. The securiy engineer will confirgure, operate and maintain Securiy Code Scanning tools (Fortify). The engineer will provide support for securiy assessment and authorization/ ATO process, security audits.
Required Skills
5+ years' experience supporting secure DevSecOps practices using FORTIFY 5+ years' experience running Dynamic and Static Application Security Testing (SAST)
5+ years' experience working with of source version control, build/release tools and methodologies
5+ years' experience with CI/CD pipelines
5+ years' experience with the software build process
5+ years' experience supporting backups and disaster recovery 5+ years' experience maintaining access control and the integrity of data throughout the platform 5+ years' experience designing, developing, evaluating and modifying systems and systems-oriented products.
5+ years' experience configuring, deploying and maintaining and optimizing securiy code scanning tools (Fortify)
Work with the deveopment and infrastucture teams to remdiate findings
Perform Cyber Supply Chain Risk Management (C-SCRM) activities to include configuring, deploying and maintaining SCRM tool (Mend) and analyze reports.
Support Security Assessment and Authorization / ATO process
Bachelors Degree and a minimum 5 years experience. Additional years of experience maybe accepted in lieu of the degree.
Ability to acquire a Public Trust Background investagation
U.S. Citizen
Preferred Skills - with years of experience needed
Certified in industry recognized areas such as CISSP, CISA, or CISM
Familiarity with NIST 800-53, FISMA, FedRAMP
Excellent organization, collaboration, project management, and team leadership skills
Strong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership
2+ years experience executing security compliance in multi-cloud or DevSecOps environments
2+ years experience coordinating across security, IT operations, audit, and development groups to achieve security outcomes
Security certification in one or more cloud environments (Azure, AWS, Google...)