Flex Staffing Resources

Security Development Engineering  

 

Location: Herndon, VA (Hybrid)

Employment Type: Full-time with Benefits

Security Clearance: Not Required

Citizenship: U.S. Citizenship Required

 

SecDevOps exists to bridge the gap between Security and Engineering. The position serves as the technical point of contact for security-related activity that needs engineering or development focus. This will be a hybrid position and will require on-site attendance as required (e.g., training, assessment participation, team meetings, etc.).

This role serves as a “hands-on” mid-level security development engineer who will be responsible for interfacing with security engineering, operations, security and build teams. This individual will assist the GRC Control Assurance and SOC Vulnerability Management teams with the initial triage of vulnerabilities to produce actionable items for operations, or as necessary, be the point for escalations to product or cloud teams. Additionally, this individual will support the various assessments/audits by participating in interviews and managing operation and engineering escalations in support of assessment / audit activities. This can include, but is not limited to, providing assistance and guidance on how the security controls are being addressed through automation, configuration or build, as well as gathering evidence for the assessors. As required, this individual will also shepherd vulnerabilities and/or findings through the remediation process.

GENERAL RESPONSIBILITIES

  • Assist in reviewing vulnerability data from multiple sources (e.g., external/internal penetration testing, internal/external vulnerability scanning, etc.) across multiple technologies and a changing environment, including infrastructure and applications, to determine the risk rating of vulnerabilities to business assets.
  • Work closely with our Security Operations and Governance, Risk and Compliance teams to maintain compliance that meets or exceeds required standards.
  • Assist in improving and automating the existing vulnerability management lifecycle, including but not limited to data ingestion & normalization, compliance metrics and detections on assets.
  • Assist in partnering with tools and technology teams to troubleshoot, develop, select, implement, and automate appropriate security solutions to protect system data from internal and external threats.
  • Scale systems sustainably through mechanisms like automation and evolve systems by pushing for changes in reliability, security, and velocity.
  • As necessary, review web, operating system and container scans in conjunction with Splunk reports for status and remediation of vulnerabilities within various environments.
  • Assist in working with the various teams to effectively communicate the risks of identified vulnerabilities and make recommendations to mitigate identified risks.
  • Stay current with vulnerability information across all the products in the environments.
  • Provide technical support for vulnerability management and continuous monitoring projects.
  • Provide analysis and validation post-remediation, identify opportunities for improvement, and apply out-of-the-box thinking to optimizations and solving roadblocks.
  • Assist in ensuring scan results are presented in appropriate dashboards, reports, and forwarded to other data systems as necessary.
  • Assist in the initial triage of vulnerabilities to produce actionable items for Vulnerability Management Teams, Operations Teams, and if necessary, escalation of findings. 
  • Assign and track vulnerability findings to appropriate teams via ticketing systems. 
  • Participate in various assessment and certification processes via interviews and evidence collection.
  • Work with Cloud engineering teams to meet federal, state and local regulations and compliance requirements. 

GENERAL QUALIFICATIONS:

  • Bachelor’s Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical discipline
  • Experience with best practice identification and response to operating system and web application vulnerabilities, such as patching or otherwise mitigating known security issues.
  • Ability to communicate complex security vulnerabilities to various audiences ranging in technical knowledge.
  • Experience with various scanning tools including but not limited to Nessus, WebInspect and/or container scanners such as Clair, Trivy, Grype
  • Exposure to information security standards such as DISA STIGs or CIS. Previous work with immutable image deployments/architecture.
  • Experience leading efforts across multiple groups and security boundaries toward common goals.
  • Ability to debug and optimize code and automate routine tasks.
  • Systematic problem-solving approach coupled with strong communication skills and a sense of ownership and drive.
  • Experience in tracking and creating various metrics, KPIs or OKRs.
  • Experience with SDLC and Release processes
  • Knowledge of patching and vulnerability remediation processes
  • Ability to adapt to a high-paced environment and workload

Experience with one or more of the following:

  • C, C++, Java, Python, Go, Perl, Ruby, or shell scripting.
  • Experience working in a Cloud Environment – AWS, Azure, GCP
  • Experience with JIRA Ticketing System Information Technology
  • Experience with ServiceNow Ticketing System
  • Experience working with containers or Kubernetes
  • Experience with Unix / Linux / Windows operating system internals and administration (e.g., filesystems, inodes, system calls, hardening) and networking (e.g., TCP / IP, routing, DNS, network topologies, SDN).
  • Understanding of and practice with security frameworks such as NIST 800-53, NIST 800-171, SOC 1 or SOC 2, or PCI
  • Knowledge of best practice and security guides (e.g., NIST 800-53 rev 4, NIST 800-53, FedRAMP)
  • CompTIA Security+ or equivalent certification

 

 
