Security Engineer (GSA Login)

About The Position

Requirements

• U.S. Citizenship required to obtain Public Trust
• Bachelor’s Degree +10 years of relevant experience
• Ability to integrate with Agile development team
• Experience with modern software development practices and cloud architectures
• Must be able to define your own work in a team environment
• Experience with process automation with programming or scripting languages such as python, terraform or bash
• Strong knowledge and experience with Federal Risk Management Framework (RMF) and how it translates to technical implementation and security practices
• Ability to administer, operate, and maintain the security tools such as CloudWatch Events, Nessus, Inspector, AWS Config benchmark setting, Security Hub, WAF, and Macie
• Detail-oriented with a high level of integrity and professionalism
• Proactive in identifying potential compliance issues and developing solutions

Nice To Haves

• Master's degree in Cybersecurity, Information Technology, or a related field preferred
• Professional certifications relevant to compliance and security, such as CISSP, CISM, or specific to NIST, FedRAMP, and FISMA

Responsibilities

• Maintain operational security posture for an information system or program
• Perform routine threat modeling exercises at the product, system and cloud infrastructure level
• Work alongside delivery and platform teams to advise on the design and development of secure, highly visible, public-facing applications on AWS Cloud.
• Administer, operate, and maintain security tools such as CloudWatch Events, Nessus, Inspector, AWS Config benchmark setting, Security Hub, WAF, and Macie
• Perform application security impact analyses and participate in significant change assessments as part of the application security program: FedRAMP continuous monitoring and reporting
• Participate in security incident response activities
• Develop security responder actions based on principles of SOAR (developer expertise required), Infrastructure language: terraform; Scripting language: python, Tools at disposal are AWS relevant services, slack, GitHub
• Guide and perform security activities including vulnerability testing and analysis, code review, static and dynamic code testing, ethical hacking and business logic exploit testing
• Conduct Red team exercises
• Conduct routine threat hunting activities to improve system security
• Work within Agile development teams, ensuring compliance of software deliverables and associated operations to all required standards
• Review documentation and processes to ensure compliance with these standards throughout the software development lifecycle
• Conduct periodic audits of required standards, associated controls, and control items
• Analyze security practices and compliance data to assess effectiveness and identify trends or recurring issues in Agile development projects
• Prepare detailed reports on compliance status, audit findings, and recommendations for enhancing security and compliance practices
• Develop and refine risk assessment methodologies to evaluate security risks associated with new software features and deployments
• Provide guidance on mitigating risks identified during the compliance review processes
• Collaborate with other security engineers and IT teams to ensure risk mitigation strategies are effectively implemented
• Ensure that security compliance policies are communicated to and understood by all stakeholders, including Agile DevOps teams
• Develop or modify implementation and design documents describing how security features are implemented
• Provide cross functional support for product teams across the organization
• Advise the government representatives on security and best practices
• Act as a resource for Agile teams and IT staff by providing expert advice on compliance matters in an advisory capacity