Security Engineer

Acuity

$90K — $130K *
US-Anywhere; Remote in Washington DC, US
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Hands-on expertise with Fortify SSC, Fortify Security Assistant IDE Plugin, OWASP ZAP, and Audit Workbench.
  • Active certification (CISSP, CISM, CEH, etc.) approved by the Government PM.
  • Minimum five years in security engineering or operations.
  • Experience with security process mapping, analysis, and improvement.
  • Cloud service experience (PaaS, SaaS) and CI/CD tools (Jenkins, Ansible).
  • Familiarity with programming languages (Python, Java) and container technologies (Kubernetes, Docker).
  • Deep knowledge of API Security, Container Security, and Cloud Security.

Responsibilities

  • Provide technical expertise in administering Fortify and other security tools.
  • Administer applications and user access.
  • Troubleshoot security-related questions from developers and testers.
  • Review vulnerabilities in collaboration with project teams.
  • Analyze internal security and provide insights to stakeholders.
  • Support incident response actions for cloud security incidents under NIST guidelines.
  • Implement monitoring solutions and evaluate platform-level changes.

Benefits

  • Opportunity to work within a mission-driven environment.
  • Engagement with cross-functional teams across the organization.
  • Access to ongoing professional development resources.
  • Work in a dynamic, fast-paced environment with cutting-edge security tools.
Full Job Description
Overview

We are currently hiring for a Security Engineer.

Responsibilities
  • Provide hands-on technical subject matter expertise with respect to setting up and administering Fortify SSC, Fortify Security Assistant IDE Plugin, OWASP ZAP, and Audit Workbench. Anticipate expanding to Sonatype.
  • Administer applications and users.
  • Field troubleshooting questions for developers (i.e., connections to pipelines)
  • Field troubleshooting questions for front-end users (testers, security analysts: "is this a false positive?", etc.)
  • Work with Project teams to review vulnerabilities. 
  • Familiar with Windows Server
  • Work autonomously in an area of specialization to analyze internal security and provide relevant information to internal and external customers, suppliers, and partners.
  • Have skill sets to perform computer incident response and remediation practices as outlined in NIST 800-61 (Computer Security Incident Handling Guide) and DHS 4300A Sensitive Systems Policy Handbook, Attachment F Incident Response. The staff will assist the Security Operations Center (SOC) on incident response actions for security incidents affecting the Cloud environment.
  • Assist with the implementation of monitoring capabilities for various audiences (developers, business owners, security, and infrastructure); analyze all platform-level and network changes, monitor their impact, and provide appropriate technical solutions to resolve issues efficiently; evaluate and document the operating baseline according to required standards.
  • Perform other duties as assigned by the Government.
Qualifications
  • Must have hands-on expertise with respect to setting up and administering Fortify SSC, Fortify Security Assistant IDE Plugin, OWASP ZAP, and Audit Workbench
  • Have and maintain at least one active certification such as CISSP, CCISSP, CEH, CISM, CISA, Cloud+, CCSP, or other comparable certification which must be approved in advance by the Government PM (on a case-by-case basis)
  • Minimum of five (5) years of experience in security engineering or security operations
  • Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices
  • Experience with cloud Platform as a Service (PaaS), Software as a Service (SaaS) and other cloud services
  • Experience with Continuous Integration (CI)/Continuous Delivery (CD) - Deployment pipeline experience (Jenkins, Ansible, Terraform)
  • Experience or a strong knowledge of Data at Rest Application Programming Interface (API) design
  • Experience or a strong knowledge of programming languages (Python, Java, etc.)
  • Experience or a strong knowledge of container/orchestration tools (Kubernetes, Docker, Puppet, etc.)
  • Have a deep understanding of API Security, Container Security, Cloud Security
  • Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting
  • Contractor shall be staffed in the Washington, DC metropolitan area, unless explicitly approved by the Government PM
  • Experience working with NIST SP 800-53, RMF, FISMA, DHS and DoD policies
  • Other tools besides Fortify that could be reasonable substitutes if they appear in the candidate’s experience:
    • CAST
    • Code Compare
    • CodeScene Behavioral Code Analysis
    • CodeSonar
    • Coverity
    • Embold
    • Fortify Static Code Analyzer
    • Parasoft
    • PVS-Studio
    • Raxis
    • reshift
    • RIPS Technologies
    • SmartBear Collaborator
    • Understand
    • Visual Expert
    • Veracode
  • Excellent customer service, analytical, problem solving, team-building, and interpersonal skills
  • Ability to work independently and function as an integral part of the team
  • Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security process information collected
  • Listening skills, the ability to detect explicit and implicit needs and wants
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
  • Proven experience in building consensus and managing cross-functional teams 

Clearance Requirements:

  • Must have an Active Secret clearance or higher.
