Application Security DevSecOps Engineer

Reston, Virginia
Jun 08, 2019
Sep 17, 2019
Engineering, Security
Full Time
AboutWeb is looking for an Application Security/DevSecOps Engineer. This role will have client facing responsibilities that encompass Application security and DevSecOps engineer skill sets. Responsibilities include securing our client's cloud and microservices based application environments by integrating security tools, configurations, and testing into Continuous Integration/Continuous Delivery (CI/CD) pipelines in an Agile environment. The successful candidate will also run manual static and dynamic analysis testing tools, perform penetration testing, analyze security testing results, and work with developers, DevOps, and security team members to resolve vulnerabilities. Further, the candidate will perform security tasks such as application threat modeling, communicate secure coding best practices, optimize the DevSecOps toolchain, analyze security control assessment findings, and assist with development and maintenance of system security documentation. At various times, production security operations tasks such as analysis of application security issues and assisting with incident response may also be required. The successful candidate should be open to sharing their knowledge with the team and helping advance a culture of security within their projects.
Required Skills:
  • 3+ years of Application Security/DevSecOps Engineer experience with the following skills :
    • DevSecOps and Agile methodologies
    • JIRA
    • Jenkins (or equivalent)
    • Nessus (or equivalent)
    • BurpSuite or equivalent Dynamic Analysis Security Testing tool
    • SonarQube or equivalent Static Analysis Security Testing tool
    • Amazon Web Services (AWS) - Cloud Computing Services
    • Linux (RedHat, CentOS preferred)
  • NIST SP800-37Rev.1 Risk Management Framework
  • Development and maintenance of security program documentation (security policies, procedures, standards, etc.)
  • Business Continuity and Disaster Recovery Planning and Testing
  • Analysis of security testing findings, control implementations, and resultant security documentation updates (Plan of Action and Milestones, System Security Plans, etc.)
  • Experience working directly with clients
  • Ability to work autonomously and consistently deliver within deadlines
  • Experience with creating and maintaining detailed documentation
  • Excellent oral and written communication skills
  • Excellent multitasking skills

Similar jobs