The DevSecOps Security Engineer will work closely with the Security Manager to ensure the proper security stance is maintained for the information system. This role is primarily responsible for ensuring that all GitHub code scans are performed and meet VA 6500 and NIST compliance standards.
ResponsibilitiesCode Scanning & Vulnerability Management:
Perform GitHub code scanning using Dependabot and CodeQL.Conduct vulnerability analysis and manage secrets to ensure compliance with security standards and documentation/reporting for Authority to Operate (ATO) security authorization for FISMA information systems.Document findings, recommendations, and improvements. Generate regular reports on code quality metrics.Threat Modeling & Risk Assessment:
Conduct Threat Model analysis using Microsoft Threat Modeling Tool.Research and address potential security issues for products, services, interfaces, protocols, etc., which may be introduced into the MHV environment.Code Quality & Optimization:
Perform code quality assessments using static analysis tools to identify code smells, anti-patterns, and areas for improvement.Conduct security scanning to identify vulnerabilities (e.g., OWASP Top Ten) in the codebase.Optimize code performance, resolving bottlenecks, memory leaks, and resource-intensive areas.CI/CD Integration & Automation:
Integrate code analysis tools into CI/CD pipelines, ensuring code quality checks are automated.Develop scripts and automation tools using Python, Shell, or other scripting languages to streamline processes.Documentation & Reporting:
Prepare system, boundary, and authorization architectural diagrams using Visio.Support the ATO process by documenting scans, creating diagrams, gathering artifacts, and addressing Security Control Assessments.Collaboration & Cross-functional Support:
Work effectively with cross-functional teams, including developers, testers, and project managers, to ensure secure and efficient code releasesCloud Infrastructure & Containerization:
Understand and work within AWS cloud infrastructure.Utilize virtualization technologies such as VMware and containerization tools like Docker, Rancher, Kubernetes, and AWS EKS. Required Experience/Qualifications Proven experience with GitHub code scanning tools (Dependabot, CodeQL).Proficiency in security scanning and vulnerability management (e.g., OWASP Top Ten).Strong scripting and automation skills (Python, Shell).Familiarity with Agile and DevOps methodologies.Knowledge of security frameworks (NIST, VA 6500).Hands-on experience with threat modeling tools (e.g., Microsoft Threat Modeling Tool).Ability to create technical diagrams and documentation. Preferred Experience/Qualifications Familiarity with FISMA compliance and ATO processes.Experience with performance optimization tools.Strong communication skills for cross-functional collaboration. Special Requirements/Security Clearance Ability to obatain and maintain a Public Trust Options Apply for this job onlineApplyShareRefer this job to a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeedBy Light recognizes that our strength is our people. We support every employee as an individual to build strong teams across the enterprise. Our benefit package includes:
Medical, Dental & Vision Coverage Wellness Program 401(k) Matching Disability (Short Term & Long Term) Employee Assistance Program Life Insurance Education & Training Generous Leave Policy (11 Federal Holidays, PTO, and Military Leave)By Light is an Equal Opportunity and Affirmative Action Employer. All qualified candidates will receive consideration regardless of gender, race, veteran status, disability, and any other protected class in accordance with federal, state and local laws.
Application FAQsSoftware Powered by iCIMS
www.icims.com