Senior Cyber Security DevSecOps Engineer

Company: Engility Corporation
Location: Reston
Posted on: June 10, 2021

Job Description:

SAIC has an opening for a Cyber Security DevSecOps Specialist. This position can be worked 100% remote nationwide. We are seeking a Senior Principle to support an Artificial Intelligence development environment in the highly regulated Government environment. This position will report to the Cyber Security Engineering Sr Manager. This role is a key business enabler to provide information security risk analysis and strategic recommendations for a current AI development project for a wholly owned subsidiary of SAIC. The candidate should have deep cyber, secure development, and governmental security experience and knowledge. Develops and implements security controls and formulates operational risk mitigations in FEDRAMP cloud environments Involved in a wide range of security decisions for an ongoing development project. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy and ensures these technologies meet current NIST 800-171 and CMMC requirements.

Primary Responsibilities:

• Play a key role in the overall security system design of large scale AGILE development project.
• Provide Cyber guidance to a secure development team developing solutions for classified and unclassified government network environments.
• Guide the implementation of the required government policy (i.e. NIST SP 171, CMMC FEDRAMP, and makes recommendations on process tailoring as it applies to product development.
• Maintain and enhance the standing security systems, deploy new security capabilities and provide security engineering services to non-security specific IT efforts.
• Secure coding implementation and guidance of a development team. Implement secure coding gates and process into an AGILE development team processes.
• Develops advanced technological ideas and guides their development into a final product. Erroneous decisions or recommendations would typically results in failure to achieve critical organizational objectives and affect image of organization's technological capability.
• Participates with senior managers to establish strategic plans and objectives. Recommends/makes decisions on administrative or project work matters and ensures effective achievement of program, project, or organizational objectives.
• Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
• Maintain roadmaps, which include product selection, versions, upgrades, projects and milestones.

Education:

Bachelors and 14 years of experience; Masters and 12 years of experience; PhD or JD and 9 years of experience.

Required skills:

• Experience with Continuous Integration and Continuous Delivery pipelines (CI/CD).
• Ability to meaningfully participate in code reviews and provide security guidance to software development teams.

Desired Skills:

• Experience with automated software security testing methodologies (SAST/DAST/SCA).
• Familiarity with microservice architectures and cloud-native technologies.
• Secure Software Lifecycle Professional Certification such as ISC2 CSSLP.
• Experience with Public Cloud Platforms Architecture and Deployment (AWS, Azure, GCP) configuration and administration of security features & services.
• Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required.
• Ability to effectively manage many different tasks simultaneously..
• Excellent written and communication skills.
• Maintain up-to-date detailed knowledge of the IT industry as it relates to the technologies identified as primary responsibilities including awareness of new or revised solutions and improved processes.
• Basic knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001 27002).
• Possession of industry certifications highly preferred. Including, but not limited to, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Global Information Assurance Certification (GIAC).
• Demonstrated ability to work in a fast-paced, deadline driven environment.
• Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.

Keywords: Engility Corporation, Reston , Senior Cyber Security DevSecOps Engineer, Other , Reston, Virginia