Jr DevSecOps Engineer

Alexandria, VA

Company Name :IBA Infotech LLC

Type : Contract

Primary Skills : System Design, Azure, C/C++, HTML5, GPEN, FISMA, CSS, RHCE, JavaScript, Offensive Security Certified Professional, CSSLP, PowerShell, Visual Basic, SDLC, CEH, Java, .Net, CISSP, NIST, Troubleshooting

Location : Alexandria


Job Description:

  • Assist with gathering requirements, design, codify, integrate and implement secure solutions that support business functionality as well as the underlying infrastructure required to run and deploy those solutions.
  • Apply secure development/coding to include; but not limited to, cloud technology, internet servers, application whitelisting, virtualized containers, web-enabled database applications, network security, security engineering, data integrity, intrusion detection, firewall management, forensic and legal information security, virtual private networks, public key/infrastructure/digital signatures, encryption, network security architecture and DHS Policy.
  • Champion security by injecting security concerns into the existing development workflow; build security thinking into every stage of software development.
  • Coordinate with teams across the enterprise on the migration of existing IT services to the cloud; identify security technical requirements, potential problems and issues, and participate on agile software development teams.
  • Support SOC capabilities by customizing tools and automating processes for SOC and IR analysts.
Basic Qualifications:
  • The candidate must possess the technical skills and experiences with Cloud Service (AWS,Azure, etc), continuous delivery systems and enhancing SOC operations through automation.
  • Experience leading and mentoring junior members.
  • Previous professional experience with performing integrated quality assurance testing for security functionality and resiliency to attacks.
  • Previous professional experience with secure programming and identify potential flaws in codes to mitigate vulnerabilities.
  • Applies coding and testing standards, security testing tools (including ‘fuzzing’ static-analysis code scanning tools), Identify common coding flaws, threat modeling, and conducts code reviews.
  • Perform or support penetration testing as required for new or updated applications.
  • Recognize security implications in the software/code acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
  • Participate in network and system design to ensure implementation of appropriate systems security policies, designs and implement systems security and data assurance.
  • Take an approach of; plan, code, build, test, release, deploy and monitor when writing software to automate CBP SOC security tasks
  • Knowledge of Source Code Management concepts (code lines, branching, merging, integration, versioning, etc.)
  • Excellent problem solving, analytical skills and technical troubleshooting skills
  • Ability to work with customers/stakeholders, developers, testers, project managers, support staff
  • Experience acquiring in-depth understanding of large complex software systems to isolate defects, reproduce defects, assess risk and understand varied customer deployment
  • Advanced working knowledge of the following: encryption algorithms, secure communications, network and data communication protocols.
  • Familiar with standard concepts, practices, and procedures within a particular field such as NIST, FISMA and Common Criteria regulations and standards.
  • Solid Programming skills in the following programing and markup languages: Java, .Net, Python, Visual Basic, Powershell, Bash, C++, Javascript, html, css
  • One or more of the following Certifications: CEH, CISSP, CSSLP, GPEN, OSCP, AWS Solutions Architect, RHSA, GXPN, GWAPT
Preferred Qualifications:
  • AWS Solutions Architect, DevOps Certs, RHCE
  • Orchestration of Cloud infrastructure (Infrastructure as Code)
  • Advance Degree in Computer Science or Computer Engineering