DevSecOps Software Assurance Specialist

Job Location

Beavercreek, OH - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Who We Need

We are seeking talented professionals to support cloud-based processes for Digital Engineering, enabling Digital Threads for, and Digital Twins of, complex weapon systems. Our DoD customers have urgent and persistent needs to address new capabilities of near-peer strategic competitors and asymmetric threats from disruptive actors.

What You'll Do
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.

As a DevSecOps Software Assurance Expert, you will play a pivotal role in ensuring the security and integrity of a CI/CD pipeline for Department of Defense (DoD) applications throughout their lifecycle. You will leverage your expertise in automated testing, secure development practices, and security mitigation to ensure that applications meet stringent DoD security requirements. You will work directly with development, testing, and security teams to automate security testing processes and ensure that DoD applications are fully compliant with the latest security standards and policies. This role requires experience in both software assurance and automated testing, with a deep understanding of DoD regulations and security frameworks.

Key Responsibilities

Automated Security Testing and Integration:

  • Implement and automate security testing frameworks within CI/CD pipelines to ensure security vulnerabilities are detected early in the development process.

  • Design and configure automated tools for static and dynamic code analysis, vulnerability scanning, and penetration testing for DoD applications.

  • Ensure that automated security tests are comprehensive and address specific security risks related to DoD environments, such as confidentiality, integrity, and availability.

Compliance and Security Standards:

  • Ensure compliance with DoD security standards and frameworks such as the Risk Management Framework (RMF), NIST 800-53, and DISA STIGs.

  • Develop security test plans and strategies to verify that applications meet specific security requirements and are compliant with federal regulations and DoD policies.

  • Conduct security audits and assessments to validate the security posture of DoD applications.

Consulting and Collaboration:

  • Collaborate closely with development teams, security experts, and project stakeholders to define and implement security testing requirements and best practices.

  • Advise on secure software development practices and guide teams on implementing secure coding standards, code reviews, and vulnerability management.

  • Provide expert advice on risk assessments, vulnerability remediation, and incident response strategies specific to DoD applications.

Continuous Improvement and Automation:

  • Lead the automation of security testing processes to increase efficiency, reduce risk, and speed up development cycles.

  • Identify and implement new tools and methodologies for enhancing automated security testing in DoD environments.

  • Continuously monitor the security landscape and make improvements to automated testing frameworks based on emerging threats and vulnerabilities.

Documentation and Reporting:

  • Create and maintain detailed documentation of security testing processes, test results, risk assessments, and compliance reports.

  • Present findings, vulnerabilities, and remediation recommendations to technical and non-technical stakeholders, ensuring transparency and alignment with DoD objectives.

  • Develop and deliver security awareness training for development teams on secure coding and automated security testing practices.

Security Tool Management:

  • Manage and optimize security tools for automated testing, vulnerability scanning, and compliance monitoring, ensuring they meet DoD security and performance requirements.

  • Stay up-to-date with new security testing technologies, frameworks, and industry trends that could benefit DoD application security assurance.

Qualifications

Required Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, or a related field.

  • Proven experience in automated security testing for complex applications, preferably in DoD or government environments.

  • Expertise with security tools such as Fortify, SonarQube, Anchore, OWASP ZAP, and Nessus for static and dynamic analysis.

  • In-depth knowledge of DoD security standards (RMF, NIST 800-53, DISA STIGs) and experience with security compliance processes within DoD projects.

  • Strong understanding of secure coding practices and the ability to guide development teams in identifying and mitigating security vulnerabilities.

  • Experience with DevSecOps tools and practices, including CI/CD pipeline integration, Jenkins, GitLab, and container security.

  • Strong analytical and problem-solving skills, with the ability to translate complex security challenges into practical solutions.

  • Excellent communication skills, with the ability to engage with cross-functional teams, management, and external stakeholders to drive security initiatives.

  • Experience working in highly regulated environments and a strong understanding of the security and compliance requirements unique to the DoD.

  • Security certifications such as SEC, CISSP, CISM, or CEH are a plus.

Working Conditions:

  • Fast-paced, dynamic environment with frequent interactions with cross-functional teams.

  • Self-motivated for team engagement via a remote work environment.

Personal Development

  • Demonstrates values through own behaviors; sets clear priorities and aligns all activities; sets/achieves high personal standards for performance/conduct.

  • Communicates effectively in all directions; encourages innovation.

  • Recognizes and celebrates accomplishment; helps the team lead and/or adapt to change; encourages teaming/networking across the company.

  • Assists with defining project team requirements for projects within solution area.

Supervision: No direct reports

Career Path:

  • Opportunities for career growth into senior business analyst roles, product management, or project management for digital engineering solutions.

Minimum Qualifications

  • Problem Solving: Identifies and resolves problems in a timely manner; develops alternative solutions; works well in group problem solving situations.

  • Written Communication: Writes clearly and informatively; edits work for spelling and grammar; able to read and interpret written information.

  • Ethics: Treats people with respect; works with integrity and ethically; upholds organizational values.

  • Strategic Thinking: Develops strategies to achieve goals; adapts strategy to changing conditions.

  • Planning/Organizing: Prioritizes work activities; sets goals and objectives; organizes or schedules tasks effectively.

  • Professionalism: Approaches others tactfully; reacts well under pressure; accepts responsibility for own actions.

  • Innovation: Displays creativity; generates suggestions for improvement; develops innovative approaches.

  • Language Skills: Ability to read, analyze, and interpret business/technical documents.

  • Mathematical Skills: Ability to apply concepts such as fractions, percentages, ratios, and proportions.

  • Reasoning Ability: Collects data, establishes facts, and draws valid conclusions.

  • Physical Demands: Regularly required to sit, talk, type, or hear. Frequently required to walk, handle, or feel.

  • Work Environment: Temperature-controlled office environment with exposure to electronic office equipment.


Employment Type

Full Time
