Security Engineer

JOB DESCRIPTION

Onsite
 
  
 
 
As a member of the Security & Infrastructure Operations team, this senior level IT Security will support the team by leading major security initiatives, implementations, and integrations. Additionally, the resource will drive application and infrastructure security within multiple platforms to minimize application vulnerabilities and application risk:
 
 
Security Integration:  Integrate security as an integral part of the CI/CD pipeline, automating security testing and scanning processes.
 
Vulnerability Management:  Identify, assess, and manage security vulnerabilities throughout the SDLC.
 
Security Automation:  Implement and maintain security automation tools and scripts to streamline security processes.
 
Threat Modeling and Risk Assessment:  Conduct threat modeling and risk assessments to identify potential security vulnerabilities.
 
Security Policy and Compliance:  Enforce security policies and ensure compliance with agency policies and relevant regulations and standards.
 
Collaboration:  Work closely with other IT teams and stakeholders to ensure security best practices are followed.
 
Incident Response:  Participate in security incident response and recovery efforts.
 
Continuous Improvement:  Continuously improve security practices and tools based on industry best practices and emerging threats.
 
 
Documentation:  Document security processes, procedures, and findings.
 
  
 
 
 
 
 
 
 
 
 
Skill
 
 
 
 
 
Required / Desired
 
 
 
Amount
 
 
 
of Experience
 
 
 
 
 
 
 
College Degree
 
 
 
 
Required
 
4
 
Years
 
 
 
 
Proficient in using vulnerability management tools (Qualys)
 
 
Required
 
4
 
Years
 
 
 
 
Proficient in using security scanning tools (Checkmarx, Digitsec)
 
 
Required
 
4
 
Years
 
 
 
 
Proficient in using DevOps platforms (Azure DevOps, Copado)
 
 
Required
 
4
 
Years
 
 
 
 
Proficient in using Cloud platforms (Salesforce)
 
 
Required
 
4
 
Years
 
 
 
 
Hands-on experience with frameworks and programming languages (Apex,.Net)
 
 
Required
 
4
 
Years
 
 
 
 
Hands-on experience with operating systems (Windows, Linux)
 
 
Required
 
4
 
Years
 
 
 
 
Working knowledge of security frameworks and standards (FIPS 199, OWASP Top10, SANS 25, NIST, etc.)
 
 
Required
 
4
 
Years
 
 
 
 
CompTIA Security+ Certification
 
 
Desired
 
  
 
  
 
 
 
 
Salesforce Certified Administrator
 
 
Desired
 
  
 
  
 
 
 
 
Strong communication and collaboration skills.
 
 
Desired
 
  
 
  
 
 
 
 
Problem-solving and analytical skills.
 
 
Desired
 
  
 
  
 
 
 
 
Experience leading significant technology initiatives.
 
 
Desired
 
  
 
  
 
 
 
 
Taking proactive steps to identify and address problems, rather than waiting for instructions
 
 
Desired
 
  
 
  
 
 
 
 
Ability to drive yourself to complete tasks and meet deadlines without constant reminders.
 
 
Desired
 
  
 
  
 
 
 
 
Ability to work in a fast-paced and dynamic environment.
 
 
Desired
 
  
 
  
 
 
 
 
Ability to work cross-functionally with other IT teams and stakeholders.
 
 
Desired
 
  
 
  
 
 
 
 
Working knowledge of web application security tools (F5 WAF)
 
 
Nice to have
 
  
 
  
 
 
 
 
Working knowledge of SIEM/SOAR tools (Google Chronicle)
 
 
Nice to have
 
  
 
  
 
 
 
 
Working knowledge of integration platforms (ServiceNow, MuleSoft)
 
 
Nice to have
 
  
 
  
 
 
 
 
Working knowledge of identity and privilege access management
 
 
Nice to have
 
  
 
 
 
 
 
 
  
 
 
 
 
 
 
Please confirm that your candidate can work onsite.
 
 
 
 
  
 
 
 
 
 
 
What skills do you have that are relevant to this position?
 
 
 
 
  
 
Can you describe a time when you identified a security vulnerability??