Application Security Engineer

Summary

Join Easy Dynamics, a fast-paced organization valuing excellence and Agile methodology, as an Application Security Expert. You will provide application security expertise, support CI/CD pipelines, and collaborate with development and security teams. Responsibilities include implementing security remediations, ensuring compliance, and using security monitoring tools. You will also provide training and assist in documentation development. Easy Dynamics offers a collaborative culture where your contributions matter. The ideal candidate possesses extensive experience in application security, CI/CD, and working with various security tools.

Requirements

• U.S. citizenship required
• Bachelor’s degree in related field
• At least 5 years of demonstrated experience in the following
• Configure, operate, maintain, and monitor various application security tools and services
• Experience working with vulnerability scanning tools to identify and resolve security vulnerabilities
• Expertise in integrating security testing in automated continuous delivery pipelines (Jenkins/Travis/Ansible)
• Experience working with a modern web development stack and toolchain
• Experience working with open source and community solutions
• Experience in FedRamp IaaS/SaaS
• Experience with monitoring software dependencies and automating the creation of an SBOM (software bill of materials)

Responsibilities

• Provide application security expertise, continuous integration, software delivery, software quality, and systems documentation support to the agency’s digital assets, including the Bureau’s public-facing website, consumerfinance.gov, as well as internal software tools
• Work with the Application Development Team to discuss and implement security remediations for agency’s web products
• Work closely with the agency’s Cyber Security and Systems Engineering teams to support compliance, secure baseline development, CVE remediation, and the use of best practices in an AWS FISMA moderate environment
• Provide support to the agency’s Application Development Team in configuring and operating continuous integration and delivery (CI/CD) pipelines, incorporating security into build process using tools such as PrismaCloud, and identifying and resolving issues in the build-deploy-operation lifecycle
• Use and apply the findings of robust application security monitoring tools, including assisting in the securing and maintenance of the agency’s website at consumerfinance.gov and internal software tools
• Assist in building a strong technical foundation in build, release, and production using continuous integration tools such as Jenkins
• Engage with various agency personnel to understand requirements in order to develop better software for the Bureau and identify new ways in which the development team can easily solve CFPB issues
• Assist the agency’s Application Development team with security focus through participation in daily standup meetings, monitoring, development, and creating issues in the ticket system
• Provide training on a variety of security methodologies, best-practices, and tools along with insight into new technologies and solutions that could help the Application Team and the agency at large
• Assist in the development of Use Cases, Requirements Definition Documents, User and Administration Manuals, Detailed Design Specifications, and Training Manuals and Plans