The DevSecOps Security Engineer will support the team with high-level planning, systems architecture and technical direction. This is a hands-on role and requires an application security professional who has a solid background in application and product development and current coding experience, combined with an understanding of Information Security and Secure Coding / Secure Software Development principles. Responsible for overseeing security operations within the CI/CD pipeline. Responsible and accountable for risk by openly exchanging ideas and opinions and elevating concerns. Work to collect requirements, perform the appropriate analysis, develop the strategic roadmap, and all associated documentation. Act as the primary point of contact between the IT Security Team and the customer. Serve as a subject matter expert with regard to IT Security and associated services.
Essential Job Duties:
* Serve as security engineer on the EACMS DevSecOps Team
* Ensuring that relevant threat and vulnerability data is considered in support of security relevant decisions
* Providing the evidence necessary to support assurance claims and to substantiate the determination that the system is sufficiently trustworthy
* Conducting security risk management activities, producing related security risk management information, and advising the engineering team and key stakeholders on the security-relevant impact of threats and vulnerabilities to the mission/business supported by the system
* Analyze, install and configure security tools in the cloud and CI/CD pipeline
* Perform static and dynamic code analysis for known security vulnerabilities.
* Discover and resolve vulnerabilities with a risk-based approach and run testing.
* Develop software infrastructure to manage automatic production deployment.
* Develop scripts, fulfilling non-functional requirements such as deploy-ability, performance, maintainability, security, and scalability.
* Receive work assignments from DevSecOps. Create work products and ensure compliance with requirements and work quality.
* Interface with government security leadership regarding requirements and concerns
* Maintain team communication
* Develop and implement information sharing regarding cybersecurity best practices and common vulnerabilities
* Support process, technical and R&D activities
Education and Experience Requirements:
* Associate's Degree Required; Bachelor's degree from an accredited college or university preferred
* At least four (4) years of Information Security experience is preferred
* Preferred knowledge of: Federal Information Management Security Act (FISMA), Federal Information System Control Audit Manual (FISCAM), Office of Management and Budget (OMB) A-123, OMB A-127, and OMB A-130, FedRAMP, NIST SP 800-53, NIST SP 800-160, NIST SP 800-137, NIST SP 800-171
* Certified Information Systems Security Professional (CISSP) desired.
* Prompt delivery of projects and tasks assigned
* Responds quickly to new instructions, situations, methods, and procedures
* Makes effective use of discretionary time
* Demonstrate the ability to work with minimal guidance and oversight
* Demonstrate the ability to research new ideas or problems when needed
Additional Requirements, as per contract/client:
* Ability to obtain and maintain Public Trust Security Clearance
* Five years United States Residency
A committed and diverse workforce is our most important resource.
MAXIMUS is an Affirmative Action/Equal Opportunity Employer.
MAXIMUS provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.