Previous Job
Application Security/DevSecOps Engineer
Ref No.: 19-00157
Location: Reston, Virginia
AboutWeb, an award-winning IT solutions and staffing company, is seeking an Application Security/DevSecOps Engineer to join an ongoing engagement in Reston, VA.

The ideal candidate would have a developer background and then moved into the Security field in a DevSecOps capacity.

This role will have client facing responsibilities that encompass Application security and DevSecOps engineer skill sets.

Responsibilities include 
securing our client's cloud and microservices based application environments by integrating security tools, configurations, and testing into Continuous Integration/Continuous Delivery (CI/CD) pipelines in an Agile environment.

The successful candidate will also run manual static and dynamic analysis testing tools, perform penetration testing, analyze security testing results, and work with developers, DevOps, and security team members to resolve vulnerabilities.

Further, the candidate will perform security tasks such as application threat modeling, communicate secure coding best practices, optimize the DevSecOps tool chain, analyze security control assessment findings, and assist with development and maintenance of system security documentation.

At various times, production security operations tasks such as analysis of application security issues and assisting with incident response may also be required. The successful candidate should be open to sharing their knowledge with the team and helping advance a culture of security within their projects.

Required Skills:

  • 3+ years of Application Security/DevSecOps Engineer experience with the following skills:
    • DevSecOps and Agile methodologies
    • JIRA
    • Jenkins (or equivalent)
    • Nessus (or equivalent)
    • BurpSuite or equivalent Dynamic Analysis Security Testing tool
    • SonarQube or equivalent Static Analysis Security Testing tool
    • Amazon Web Services (AWS) - Cloud Computing Services
    • Linux (RedHat, CentOS preferred)
  • NIST SP800-37Rev.1 Risk Management Framework
  • Development and maintenance of security program documentation (security policies, procedures, standards, etc.)
  • Business Continuity and Disaster Recovery Planning and Testing
  • Analysis of security testing findings, control implementations, and resultant security documentation updates (Plan of Action and Milestones, System Security Plans, etc.)
  • Experience working directly with clients
  • Ability to work autonomously and consistently deliver within deadlines
  • Experience with creating and maintaining detailed documentation
  • Excellent oral and written communication skills
  • Excellent multitasking skills