Fairfax, Virginia, USA
8 days ago
DevSecOps Software Security Engineer - ICE
Overview The software security engineer plays a critical role in a DevSecOps team modernizing and improving critical software by ensuring that security practices are baked into the teams' policies, processes and pipelines. Responsibilities The overall responsibility of the Software Security Engineer is to implement, test, and operate advanced software security techniques in compliance with technical reference architecture. Perform on-going security testing and code review to improve software security. Troubleshoot and debug issues that arise. Provide engineering designs for new software solutions to help mitigate security vulnerabilities. Contribute to all levels of the architecture. Maintain technical documentation. Consult team members on secure coding practices. Develop and maintain familiarity with new tools and best practices. Engineer and implement DevOpsSec (CI/CD) pipelines and incorporate security protocols while deploying infrastructure as code (IaC). Qualifications Bachelor’s degree in science, technology, engineering, and math (STEM) field and 9 years IT security (Cybersecurity) experience; or 7 years with a Masters; or 4 years with a PhD. 5 years technical leadership experience. Certified Information Systems Security Professional (CISSP), or Certified Secure Software Lifecycle Professional (CSSLP) Certification, or Certified Application Security Engineer (CASE) Certification. AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional. Experience with DevOpsSec pipeline tools including configuration management, requirements (e.g. JIRA), automated testing, automated deployments, blue green deployments, and branching strategy and implementation. Familiarity with Systems Engineering processes and milestones; understanding of the requirements analysis, decomposition, and allocation process. Experience with performing Security Control Assessment in compliance with NIST SP 800- 37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 guide series. About Highlight For over ten years, Highlight has provided Development and Modernization, Secure IT, and Mission Solution services to our federal government customers. Our team knows the technology; we understand how our customers and their stakeholders work; and we know how to implement industry best practices to deliver high-quality, end-to-end solutions that minimize risk and maximize results. Since our inception, Highlight has had an employee-first mindset. Our mission is to provide employees with rewarding and impactful career opportunities. In 2021, Highlight’s founder, Rebecca Andino, implemented an Employee Stock Ownership Plan to embody and expand our culture of transparency, teamwork and rewarding the work of our employees. By becoming an ESOP, our employee-owners share in the success of the company through their ownership stake. To learn more about ESOPS, check out: www.esopinfo.org. We’re an Equal Opportunity Employer (EOE) that empowers our people to fearlessly drive change - regardless of their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other characteristics. Our team is dedicated to foster diversity within our teams to promote creativity, innovation, and teamwork to deliver the best solutions for our customers. To receive compensation and benefits information for this role, contact us or email us at Recruiting@HighlightTech.com Please include the Req ID (this is at the top of the posting under the position title) in the subject line of the email. Recruitment Fraud Disclaimer Highlight takes your security seriously. Please be aware that fraudulent actors may attempt to circulate fictitious job opportunities and impersonate our recruiters. The main purpose of these correspondences is to obtain privileged information from individuals. To protect yourself, keep the following in mind: All emails will come from an official @highlighttech.com or @talent.icims.com email address. We will never request payment or personal financial information during the recruitment process. We will not send job offers via email. All offers are first extended verbally by a member of our recruitment team whenever possible, and then followed up via written communication through official channels. If you suspect fraudulent activity or have any doubts about the authenticity of an email, letter, or telephone communication supposedly from, for, or on behalf of Highlight, please contact our team directly at Recruiting@highlighttech.com. --- #cwhp
Confirm your E-mail: Send Email