Foxhole Technology, Inc. DevSecOps Application Engineer in Springfield, Virginia
Job Title: DevSecOps Application Engineer
Location: Springfield, VA
Foxhole Technology is seeking a DevSecOps Application Engineer in support of a Government client. The individual should be prepared to provide the following:
Recommend improvements to current processes and procedures and assist in refining the methods of support and activities conducted within this task.
Conduct the Agile / DevSecOps application development security activities as described in the SOW.
Develop processes to ensure that application design decisions are reviewed for compliance with Federal requirements, FISMA controls, security, and Technical Standards.
Coordinate with key stakeholders:
Interface with SO/ISSO of each FISMA system to ensure security requirements and concerns are identified and addressed as early in the DevSecOps process as possible.
Integrate with Agile Development teams to ensure security is integrated into Agile sprints at the beginning of the sprint planning.
Provide security guidance to sprint planning efforts and building security user stories as part of the sprint.
Perform initial security scanning/testing of prototyped applications to provide initial feedback to developers (as needed).
Develop and document processes and techniques to perform security testing against any new/modified application features being implemented.
Ensure the security, governance, and compliance requirements for applications are appropriately included within each Agile sprint.
Review goals for each Agile sprint to determine potential security concerns which may not be adequately addressed in existing policy. Bring these items to the attention of federal staff early so that appropriate direction can be provided and included within the development process for each Agile sprint.
Update product back log and sprint backlog with relevant security requirements to ensure the security requirements are captured as early in the process as possible.
Ensure and Review DevSecOps security tool output is reviewed including Static Code Analysis, Dynamic Code Analysis, Vulnerability Scanning, and verification of authorized software libraries for software deployment.
Ensure DevSecOps processes are integrated with other provided systems/security mechanisms such as Splunk security monitoring, Indicator of Compromise (IOC) Scanning, Identity Management/Federation systems, DHS PIV Authentication requirements, DHS Continuous Monitoring requirements, DHS CDM Requirements, and Cloud Access Security Broker (CASB) requirements.
Identify areas within designs that can benefit from more secure designs or that would violate policy.
For any insecure design aspects identified, describe why those aspects are insecure to the project stakeholders and work with the project stakeholders to alter the design with a more secure implementation, where possible.
When more secure design concepts can’t be determined, bring the issue to the attention of federal personnel, provide a description of the issue, provide options and recommendations, and take action as directed.
Support ad-hoc Agile / DevSecOps application development security activities of a non-standard nature as they are identified to provide a benefit to security testing requirements.
At least six (6) years of technical IT security experience. Such experience can come from system or network administration, security analysis, security testing and evaluation, security incident response, security monitoring, IT project implementation, or other similar technical activities.
At least five (5) years of experience performing security control assessments (i.e. security testing such as security auditing, primary assessor for Security Control Assessments, etc.).
Experience with NIST and FIPS security controls, DISA STIGs, and CIS standards.
Experience working in groups acting as the sole security practitioner, as well as experience working in team(s) of various sizes of security personnel reviewing the same system.
External Company Name: Foxhole Technology, Inc.
External Company URL: http://www.foxholetechnology.com
Street: 6595 Springfield Center Drive
Clearance Required: DHS Suitability (EOD) Status, Secret