Position Summary:
GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Security Application Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.
Job Requirements:
- Strong written and verbal communication skills
- Must have GitLab CI/CD pipeline experience
- Assist in the development and implementation of the DevSecOps strategy to include the definition and goals of the over-arching framework and methodologies
- Assist customers with implementing a secure CI/CD pipeline utilizing DevSecOps principles and practices to increase automation and reduce human involvement in the process
- Reviewing source code for potential security vulnerabilities
- Strong analytical skills to assess risks and vulnerabilities in complex systems
- Writing security test cases to check for vulnerabilities or broken/missing security controls.
- Implement automated security controls as part of CI/CD pipelines
- Support development teams with secure code (DAST, SAST, Dependency, Secret Detection, Container scans, etc.) reviews and other assessments to identify security weaknesses and vulnerabilities
- Establish and maintain secure coding standards and best practices to provide guidance and training to development teams on security best practices
- Recommend cyber defense and vulnerability assessment tools
- Review and research monthly continuous monitoring controls documentation tasks that is required by OIS
- Continuous Process Improvement, actively contribute to the development of standardized operating procedures (SOPs) for API security testing
- Collaborate closely with cross-functional teams, including system administrators and Information System Security Officers (ISSOs)
Security Clearance Requirement:
- Active Public Trust and eligible to obtain a Secret clearance
Certifications/Licenses:
- At least Ten (10) years of experience working in cybersecurity or information technology with a bachelor’s degree. Minimum of 5 years’ experience in vulnerability management, application and software security team, Malware analysis, digital forensics, data/network analysis, penetration testing, information assurance, leading incident handling
- Solid experience in application security and software development in one or more programming languages such as C#, Java, Python, etc
- Experience with security tools such as SAST, DAST, IAST, SCA and other security tools
- Familiarity with industry-standard security frameworks such as OWASP, NIST, BSIMM etc
- Experience with CICD pipeline, security tools integration and secure SDLC
- Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
- CISSP, OSCP, any DevSecOps or other related Information Security certification
- Experience with cloud-based infrastructure (AWS, Azure, or GCP)
Job Category: Information Technology (IT) and Cybersecurity.