We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
Remote New
By Light Professional IT Services LLC jobs

Security DevOps Engineer (DevSecOps)

By Light Professional IT Services LLC
United States
Jan 12, 2025

Security DevOps Engineer (DevSecOps)
Job Locations

US-Remote


ID
2024-9966
 # of Openings
1
 Category
Software
 Clearance
Tier 4 - High Risk (Public Trust)


Position Overview

The DevSecOps Security Engineer will work closely with the Security Manager to ensure the proper security stance is maintained for the information system. This role is primarily responsible for ensuring that all GitHub code scans are performed and meet VA 6500 and NIST compliance standards.



Responsibilities

Code Scanning & Vulnerability Management:

    Perform GitHub code scanning using Dependabot and CodeQL.
  • Conduct vulnerability analysis and manage secrets to ensure compliance with security standards and documentation/reporting for Authority to Operate (ATO) security authorization for FISMA information systems.
  • Document findings, recommendations, and improvements. Generate regular reports on code quality metrics.

Threat Modeling & Risk Assessment:

  • Conduct Threat Model analysis using Microsoft Threat Modeling Tool.
  • Research and address potential security issues for products, services, interfaces, protocols, etc., which may be introduced into the MHV environment.

Code Quality & Optimization:

  • Perform code quality assessments using static analysis tools to identify code smells, anti-patterns, and areas for improvement.
  • Conduct security scanning to identify vulnerabilities (e.g., OWASP Top Ten) in the codebase.
  • Optimize code performance, resolving bottlenecks, memory leaks, and resource-intensive areas.

CI/CD Integration & Automation:

  • Integrate code analysis tools into CI/CD pipelines, ensuring code quality checks are automated.
  • Develop scripts and automation tools using Python, Shell, or other scripting languages to streamline processes.

Documentation & Reporting:

  • Prepare system, boundary, and authorization architectural diagrams using Visio.
  • Support the ATO process by documenting scans, creating diagrams, gathering artifacts, and addressing Security Control Assessments.

Collaboration & Cross-functional Support:

  • Work effectively with cross-functional teams, including developers, testers, and project managers, to ensure secure and efficient code releases

Cloud Infrastructure & Containerization:

  • Understand and work within AWS cloud infrastructure.
  • Utilize virtualization technologies such as VMware and containerization tools like Docker, Rancher, Kubernetes, and AWS EKS.


Required Experience/Qualifications
  • Proven experience with GitHub code scanning tools (Dependabot, CodeQL).
  • Proficiency in security scanning and vulnerability management (e.g., OWASP Top Ten).
  • Strong scripting and automation skills (Python, Shell).
  • Familiarity with Agile and DevOps methodologies.
  • Knowledge of security frameworks (NIST, VA 6500).
  • Hands-on experience with threat modeling tools (e.g., Microsoft Threat Modeling Tool).
  • Ability to create technical diagrams and documentation.


Preferred Experience/Qualifications
  • Familiarity with FISMA compliance and ATO processes.
  • Experience with performance optimization tools.
  • Strong communication skills for cross-functional collaboration.


Special Requirements/Security Clearance
  • Ability to obatain and maintain a Public Trust
Applied = 0
MORE JOBS LIKE THIS

(web-776696b8bf-cvdwt)