Senior DevSecOps Information Security Analyst

About The Position

Requirements

• Minimum of 12 years’ experience with bachelor’s degree or 10 years’ experience with master’s degree in Computer Science, Cybersecurity, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or University.
• Active TS/SCI + CI Polygraph
• CISSP or Active DoD IAM and/or IAT Level II/III
• AWS Certified Solutions Architect Associate
• Demonstrated domain knowledge in DevSecOps, Cloud Architecture, Cybersecurity, and Information Assurance
• Exceptional organizational and analytical skills with attention to detail in documentation and reporting.

Nice To Haves

• Security+
• SecurityX

Responsibilities

• Lead security control assessments for containerized applications
• Create assessment mapping of technical evidence to RMF/NIST SP 800‑53 controls and maintain key authorization artifacts, including SSPs, SARs, and POA&Ms.
• Possess a strong understanding of NIST SP 800‑37, NIST SP 800‑53, and CNSSI 1253 to support system authorization activities and ensure compliance across complex environments.
• Perform hands-on validation using SAST, DAST, and SCA tools to analyze source code, dependencies, and IaC for vulnerabilities.
• Apply deep knowledge of cloud security principles including shared responsibility and control inheritance across AWS, Azure, and GCP to design and evaluate secure architectures.
• Bring hands‑on expertise with AWS, Azure, GCP, container runtimes such as Podman, and Kubernetes platforms (EKS, AKS, GKE), with proficiency in RBAC, network policies, pod security, secrets management, and supply‑chain security frameworks such as SLSA and Sigstore.
• Provide expert guidance on secure design and threat modeling while driving the full vulnerability management lifecycle from triage and risk analysis through remediation validation.
• Identify, investigate, and escalate cybersecurity incidents using structured response methodologies that ensure timely containment, effective resolution, and adherence to reporting requirements.
• Secure CI/CD pipelines by integrating automated security controls, artifact scanning, integrity checks, and policy-as-code.
• Implement and manage security technologies, including monitoring tools, endpoint protection, IAM systems, vulnerability scanners, and threat intelligence platforms to enhance cybersecurity resilience.
• Document and communicate technical findings, risk posture, and strategic recommendations to developers, architects, and executive government leadership.

Benefits

• medical
• dental
• vision
• paid time off
• 401(k)
• life insurance
• flexible work schedules
• holidays