Security Engineer

3-7 Years of experience in software design and development with at least 3+ years of experience working in a security role handling on-premise and cloud infrastructures
Extensive experience integrating Security checks in the CI/CD pipeline alongside the Development team
The Security Engineer should have extensive Scanning experience and familiarity with Static & Dynamic Code Analysis
Experience and expertise in secure coding practices and threat modeling
Strong scripting skills and proficiency with the following scripting languages strongly preferred: Shell, Python, Ruby
Excellent communication and written skills
Able to provide proof of US Citizenship
Ability to obtain a Public Trust clearance

Responsible for design and automation of security scanning as part of daily integration activities to continuously assess code and remediate vulnerabilities early in the development lifecycle
Actively involved at all phases of the development lifecycle to promote code reuse which uses inherited preapproved Risk Management Framework (RMF) controls to achieve faster ATO
Responsible for confirming security-relevant design changes and raise “outPatterns” to CISA ISSM’s and ISSOs for early assessment
Design integrate custom code to generate security-relevant events for the CISA Information Security, enhancing operational monitoring
Perform evaluation, onboarding, and manual testing of CISA approved security tools ex SAST, vulnerability and open source scanning into the Security DevOps life cycle
Define best practices in security hardening, patching, granular role-based access, system administration, and configuration
Strong working knowledge of NIST 800.37 and 800.53 requirements
Experience evaluating, documenting, and implementing security controls

Active DHS/CISA suitability – 1st priority
Any DHS badge + DoD Top Secret – 2nd choice
DoD Top Secret + willingness to obtain DHS/CISA suitability – 3rd choice (it can take 10-60 days to obtain suitability – work can only begin once suitability is fully adjudicated)