DevSecOps Security Engineer

About The Position

Requirements

• Typically requires a degree in Science, Technology, Engineering, or Mathematics (STEM) and a minimum of 2 years of prior relevant experience
• Solid understanding of information assurance and cybersecurity concepts and experience implementing security controls in information systems and networks.
• U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance
• The ability to obtain and maintain a U.S. government issued security clearance is required.

Nice To Haves

• Experience with on-premise system and network vulnerability assessment tools such as Nessus, Rapid7, or similar.
• Experience with the Splunk observability platform and creating queries, dashboards, and reports to monitor IT products and services.
• Experience creating, managing, and maintaining continuous integration and delivery (CI/CD) pipelines for automated security testing. (GitLab Runners, Jenkins)
• Experience with static and dynamic application security testing (SAST/DAST) tools like Coverity, SonarQube, and OWASP ZAP.
• Experience of Git-based version control systems and experience creating and maintaining code and configuration repositories. (GitLab, GitHub)
• Experience with scripting languages. (e.g., Python, PowerShell, or Bash)
• Experience with Linux- and/or Windows-based operating systems running in virtual, containerized, and cloud-based operating platforms.
• Active cybersecurity certifications such as Security+, GSEC, SSCP, or CISSP Associate recommended.
• Willingness and ability to travel domestically and internationally as needed.

Responsibilities

• Design, develop, and implement security tools to detect, prevent, and remediate security issues in TSG-managed IT products & services.
• Assist in the development and integration of security tooling into CI/CD pipelines to automate and accelerate security testing of IT service assets.
• Work with software developers and system engineers to develop security testing automations using static and dynamic application security tools (SAST/DAST).
• Provide operational support to internal RTX developers and engineers on common security processes and tools.
• Build and maintain dashboards, alerts, and reports for the team's Splunk-based observability platform.
• Assist in the implementation and monitoring of security-related performance metrics to identify continuous improvement opportunities for our DevSecOps processes and tools.
• Aid in the selection, evaluation, and implementation of security controls to improve the confidentiality, integrity, and availability of deliver IT products and services.
• Support cybersecurity compliance related activities such as risk assessments, internal and external audits, and continuous monitoring.

Benefits

• medical
• dental
• vision
• life insurance
• short-term disability
• long-term disability
• 401(k) match
• flexible spending accounts
• flexible work schedules
• employee assistance program
• Employee Scholar Program
• parental leave
• paid time off
• holidays