XOR Security is currently seeking talented Jr.-Mid Level DevSecOps Engineers to support one of our premier clients within the Department of Homeland Security. The DevSecOps Engineer will gather requirements, design, codify, integrate and implement secure solutions that support business functionality as well as the underlying infrastructure required to run and deploy those solutions.
EDUCATION & EXPERIENCE:
- Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.
- Applies coding and testing standards, security testing tools (including 'fuzzing' static-analysis code scanning tools), threat modeling, and conducts code reviews.
- Conduct trial runs of programs and software applications to ensure the desired information is produced and instructions are correct.
- Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
- Identify common coding flaws.
- Identify security issues around steady state operation and management of software.
- Incorporate security measures that must be taken when a product reaches end of life.
- Perform integrated quality assurance testing for security functionality and resiliency attacks.
- Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.
- Apply comprehensive knowledge of Information Security issues to include; but not limited to, cloud technology, internet servers, web-enabled database applications, network security, security engineering, data integrity, intrusion detection, firewall management, forensic and legal information security, virtual private networks, public key/infrastructure/digital signatures, encryption, network security architecture and DHS Policy.
- Recognize security implications in the software acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
- Perform penetration testing as required for new or updated applications.
- MUST HAVE AN ACTIVE SECRET CLEARANCE
- BS degree Science, Technology, Engineering, Math or related field and 7+ years of prior relevant software engineering or DevOps experience. Familiarity with software development life cycle models and agile programming methodologies
- A minimum of 5 years of experience in Cyber Security.
- 2+ years of hands on experience in implementing/maintaining security in a CI/CD pipeline.
- Experience in the design and automation of security tools and processes.
- One or more of the following Certifications:
- CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, SEI, CCSP, CSSLP, SSCP, CCNP, ECSP, MCSE, RHCA, RHCE, CEH, CISSP, VCA, VCP, VCAP, VCIX, VCDX, GPEN, OSCP, AWS Solutions Architect, RHSA, GXPN, GWAPT
- AWS Solutions Architect, DevOps Certs, RHCE
- Orchestration of Cloud infrastructure (Infrastructure as Code)
- Advance Degree in Computer Science or Computer Engineering
XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.
Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP AND ACTIVE SECRET CLEARANCE REQUIRED.