Security Engineer II

OBXtek Inc., Scott AFB, IL

About The Position

OBX is staffing for a Security Engineer II to work on the PEO-T contract for USTRANSCOM. The tasks for this person will include, but are not limited to, the following: Reviews evolving NIST requirements to support risk assessment activities associated with the affiliated system requirements and specifications. Prepares detailed specifications from which cybersecurity deficiencies identified during risk assessment will be mitigated/remediated and conducts follow-up risk assessment to ensure proper secure coding practices are being built-in/enforced to the greatest extent possible. Collaborates closely with government customers to develop appropriate POA&Ms and support risk acceptance activities as needed to support risk management processes.

Requirements

  • Must have an active Secret Clearance
  • 1-3 years relevant experience in the following:
  • Experience reviewing vulnerability scans using SAST (Static Application Security Testing) tools, analyzing outputs to identify vulnerabilities, and recommending mitigation and remediation actions
  • Knowledge of multiple programming languages (e.g., Java, C#, Python, .NET, SQL)
  • Experience with threat modeling and presenting findings/recommendations to lead stakeholders.
  • Thorough understanding of CI/CD pipeline components, containerization technologies (e.g., Kubernetes, Docker), and microservices architecture.
  • In-depth knowledge of critical application security vulnerabilities and OWASP Top 10
  • Experience with the following static code analysis tools: SonarSource, OpenText SAST, and TruffleHog.
  • In-depth knowledge of DevSecOps practices and principles
  • Solid understanding of system and network security, authentication protocols, and cryptography.
  • Ability to communicate with development teams on mitigation and remediation of vulnerabilities and security control implementation.
  • Ability to work in a fast-paced environment and possess excellent communication skills.
  • Experience with security lockdown and/or hardening of servers and network devices
  • Possess skills to conduct Technical Reviews of Development Contractor produced security deliverables
  • Ability to coordinate with developers, vendors, and other government organizations/agencies to assess security engineering issues
  • Experience participating in Technical Interchange Meetings on a wide range of PMO security engineering topics
  • Experience providing support to ensure PMO systems are designed, developed, and deployed in accordance with applicable Executive Orders, Federal Policy, DOW regulations, USTRANSCOM requirements, and commercial best practice
  • Experience recommending changes to network and security architecture to improve security posture and meet operational performance requirements
  • Experience supporting operational security activities (e.g., researching coding languages, vulnerabilities associated with secure coding practices, etc.)
  • Experience supporting the Customer through critical review of documented DISA STIG/SRGs (e.g., Application Security and Development) and ingesting them in the government-supplied tools to support risk assessment of the NIST controls.
  • Active IAM II Certification in Good Standing (e.g., CGRC (formerly CAP), Security X (formerly CASP+CE), CISM, CISSP (or associate), GSLC, CCISO)
  • Bachelor’s in Computer Science or Cybersecurity or equivalent
  • Secret

Responsibilities

  • Reviews evolving NIST requirements to support risk assessment activities associated with the affiliated system requirements and specifications.
  • Prepares detailed specifications from which cybersecurity deficiencies identified during risk assessment will be mitigated/remediated and conducts follow-up risk assessment to ensure proper secure coding practices are being built-in/enforced to the greatest extent possible.
  • Collaborates closely with government customers to develop appropriate POA&Ms and support risk acceptance activities as needed to support risk management processes.

Benefits

  • We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.