Application Security / DevSecOps Engineer in Reston, VA

View All Business Services jobs


Business Services   •  

Less than 5 years

Posted 7 weeks ago

Ventera's mission is to be a growing business technology consulting firm recognized for earning the loyalty of customers and employees by committing to their success. Ventera delivers innovative business and technology solutions to unique customer challenges, to help our clients achieve meaningful results. Our team brings expertise and serves as a trusted adviser to our clients in the areas of Management Consulting, Software Engineering, and Data Solutions. Walking through Ventera, you will find a highly engaged and collaborative workforce. We strive to make Ventera a fun place to work, as well as a place where you will want to stay and build your professional career. Come join us!

This role will have client facing responsibilities that encompass Application security and DevSecOps engineer skill sets. Responsibilities include securing Ventera's client's cloud and microservices based application environments by integrating security tools, configurations, and testing into Continuous Integration/Continuous Delivery (CI/CD) pipelines in an Agile environment. The successful candidate will also run manual static and dynamic analysis testing tools, perform penetration testing, analyze security testing results, and work with developers, DevOps, and security team members to resolve vulnerabilities. Further, the candidate will perform security tasks such as application threat modeling, communicate secure coding best practices, optimize the DevSecOps toolchain, analyze security control assessment findings, and assist with development and maintenance of system security documentation. At various times, production security operations tasks such as analysis of application security issues and assisting with incident response may also be required. The successful candidate should be open to sharing their knowledge with the team and helping advance a culture of security within their projects and Ventera.

Required Skills:

  • 3+ years of Application Security/DevSecOps Engineer experience with the following skills:DevSecOps and Agile methodologies
  • JIRA
  • Jenkins (or equivalent)
  • Nessus (or equivalent)
  • BurpSuite or equivalent Dynamic Analysis Security Testing tool
  • SonarQube or equivalent Static Analysis Security Testing tool
  • Amazon Web Services (AWS) - Cloud Computing Services
  • Linux (RedHat, CentOS preferred)
  • NIST SP800-37Rev.1 Risk Management Framework
  • Development and maintenance of security program documentation (security policies, procedures, standards, etc.)
  • Business Continuity and Disaster Recovery Planning and Testing
  • Analysis of security testing findings, control implementations, and resultant security documentation updates (Plan of Action and Milestones, System Security Plans, etc.)
  • Experience working directly with clients
  • Ability to work autonomously and consistently deliver within deadlines
  • Experience with creating and maintaining detailed documentation
  • Excellent oral and written communication skills
  • Excellent multitasking skills