Application Security Engineer, Senior

Job Details

Level

Senior

Job Location

MacDill AFB - Tampa, FL

Position Type

Full Time

Education Level

4 Year Degree

Description

FEDITC, LLC is a fast-growing business supporting DoD and other intelligence agencies worldwide. FEDITC develops mission critical national security systems throughout the world directly supporting the Warfighter, DoD Leadership, & the country.

We are proud & honored to provide these services.

Overview of position :

FEDITC is seeking a Application Security Engineer, Sr. , to work at MacDill AFB . A United States Citizenship and an active TS / SCI DoD Security Clearance is required to be considered for this position.

The on-site Continuous Integration / Continuous Delivery (CI / CD) application cybersecurity engineer will specialize in implementing security analysis tools and security gates into all stages of the CI / CD pipeline.

Primary function is to work with agile development teams to review application risks, provide remediation recommendations, and help prevent future risks by cultivating secure coding practices.

The ideal candidate is someone with a developer background, has DevSecOps experience, and has performed application cybersecurity testing in a prior role.

Must also have excellent attention to detail, strong analytic, and communication skills, as well as a working knowledge and understanding of application cybersecurity toolsets used in the CI / CD DevSecOps pipelines.

In addition, the contractor will provide application cybersecurity engineer expertise, collaborate with agile development teams, and integrate DevSecOps pipeline solutions, defining a security baseline per product to ensure proper cybersecurity and compliance.

Responsibilities :

• Provide cybersecurity guidance and direction in the design, development and implementation of automated solutions, based on a set of standards and processes that enable CI / CD developers to easily apply cybersecurity and compliance services.
• Responsible for, support of, and coordinating with other Engineers, Architects, and teams in implementing a comprehensive cloud and application cybersecurity program in a DevOps environment.
• Automate cybersecurity testing using a variety of architectures and cutting-edge technologies.
• Design, execute, and maintain automated cybersecurity testing for web applications (apps), mobile apps, and application programming interfaces (APIs).
• Actively review and implement improvements to drive continuous improvement of the efficiency, speed, and quality of the CI / CD DevSecOps environment.
• Leverage DevSecOps tools to build, harden, maintain and instrument a comprehensive cloud-based cybersecurity orchestration platform to be used in product CI / CD pipelines.
• Integrate cybersecurity practices across the continuous delivery pipeline to provide a comprehensive automated cloud and application cybersecurity solution.
• Perform risk and vulnerability assessments of CI / CD IT and IS platforms for authorization; prepare risk assessment reports for submission to the SCA and AO in accordance with DoD, USCYBERCOM, USSOCOM policies, procedures, and regulations.
• Coordinate, manage and facilitate CI / CD application cybersecurity compliance processes with internal and external stakeholders to provide timely deliverables and rapid remediation.
• Support the development of standards by creating templates and patterns for ease of use and increase the productivity of the cybersecurity program.
• Foster, and build a community of practice for collective learning of the cybersecurity tools, practices, and systems across all disciplines.
• Maintain application cybersecurity toolsets used in the development pipelines. Work hand in hand with developer teams to implement testing into their pipelines.
• Professional curiosity that leads to learning and staying current with business best practices.
• Work with leadership to identify and revise cybersecurity testing approaches.
• Able to work on multiple projects and prioritize accordingly.

Qualifications

Experience / Skills :

• 8+ years of related experience.
• Experience with CI / CD DevSecOps integration with tools such as Jenkins, JIRA, GitLab, and Bitbucket
• Strong experience in cloud and application cybersecurity domains.
• Experience with OR knowledge of supporting Cloud based platforms (Google, Microsoft, Amazon Web Services (AWS), and Military Cloud (MilCloud)).
• Experience with OR knowledge of Open Containers Initiative (OCI) compliant containers and OpenShift Container Platform technology utilizing Kubernetes orchestration technology.
• Strong and evolving competence in one or more programming languages and scripting using Python, Personal Homepage (PHP), Just Another Virtual Architecture (JAVA), JAVA Script, Power Business Intelligence (BI) and .Net Core.
• Experience with container cybersecurity solutions such as Twistlock and Claire to scan for vulnerabilities within OCI containers.
• Have used source control (github / gitlab) to manage code.
• Experience working in a Linux or Universal Network Information Exchange (UNIX) based environment.
• Extensive experience in implementing and enforcing application cybersecurity and vulnerability management.
• Thorough understanding of release strategies that minimize or eliminate application downtime.
• Experience with Change Management and Ticketing Systems (Remedy).
• A good understanding of the Software Development Life Cycle (SDLC) and Agile software development methodology
• Experience with OR knowledge of the Risk Management Framework (RMF), Security Technical Implementation Guides (STIGs) and NIST regulations

Education :

BA / BS degree

Certifications :

IAT Level II

Clearance :

• Active TS / SCI clearance is required.
• Must be a US Citizen and pass a background check.
• Maintain applicable security clearance(s) at the level required by the client and / or applicable certification(s) as requested by FEDITC and / or required by FEDITC'S Client(s) / Customer(s) / Prime contractor(s).

FEDITC, LLC. is committed to fostering an inclusive workplace and provides equal employment opportunities (EEO) to all employees and applicants for employment.

We do not employ AI tools in our decision-making processes. Regardless of race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran.

FEDITC, LLC. ensures that all employment decisions are made in accordance with applicable federal, state, and local laws.

Our commitment to non-discrimination in employment extends to every location in which our company operates.