DevSecOps Application Security Engineer

Reston, Virginia
Mar 26, 2019
Mar 26, 2019
Engineering, Security
Full Time
We are looking for a DevSecOps/Application Security Engineer

This role will have client facing responsibilities that encompass DevSecOps and application security engineer skill sets. Responsibilities include securing the client's cloud and microservices based application environments by integrating security tools, configurations, and testing into Continuous Integration/Continuous Delivery (CI/CD) pipelines in an Agile environment. The successful candidate will also run manual static and dynamic analysis testing tools, analyze security testing results, and work with developers, DevOps, and security team members to resolve vulnerabilities. Further, the candidate will perform security tasks such as application threat modeling, communicate secure coding best practices, optimize the DevSecOps toolchain, analyze security control assessment findings, and assist with development and maintenance of system security documentation. At various times, production security operations tasks such as analysis of application security issues and assisting with incident response may also be required. The successful candidate should be open to sharing their knowledge with the team and helping advance a culture of security within their projects and the client.
Required Skills:
  • 3+ years of DevSecOps/Application Security Engineer experience with the following skills:
    • DevSecOps and Agile methodologies
    • JIRA
    • Jenkins (or equivalent)
    • Nessus (or equivalent)
    • BurpSuite or equivalent Dynamic Analysis Security Testing tool
    • SonarQube or equivalent Static Analysis Security Testing toolAmazon Web Services (AWS) - Cloud Computing Services
    • Linux (RedHat, CentOS preferred)
  • NIST SP800-37Rev.1 Risk Management Framework
  • Development and maintenance of security program documentation (security policies, procedures, standards, etc.)
  • Business Continuity and Disaster Recovery Planning and Testing
  • Analysis of security testing findings, control implementations, and resultant security documentation updates (Plan of Action and Milestones, System Security Plans, etc.)
  • Experience working directly with clients
  • Ability to work autonomously and consistently deliver within deadlines
  • Experience with creating and maintaining detailed documentation
  • Excellent oral and written communication skills
  • Excellent multitasking skills

Similar jobs