Engineer III

Summary

Join IDEMIA National Security Solutions (NSS) as a Security Engineer and contribute to the development and delivery of secure software solutions for government agencies. You will be part of a Scaled Agile Framework scrum team, working on various projects and internal initiatives. Responsibilities include performing threat modeling, risk assessments, developing security processes, and collaborating with development teams to design secure applications. You will need extensive experience in IT security, DevSecOps, and CI/CD pipelines, along with strong communication skills. The ideal candidate will possess experience with cloud development and specific security standards. This position requires a US citizenship without dual citizenship and the ability to obtain a DoD TS clearance.

Requirements

• Five+ years of IT security, cybersecurity, or application security experience
• Strong understanding of DevSecOps processes and tools
• Experience with CI/CD pipelines, preferably with Gitlab
• Experience with cloud development in AWS or Azure
• Strong oral and written communication skills
• Experience of Linux, shell and scripting languages
• Experience of JIRA, Confluence, VNC, Git/Gitlab, and/or other similar products
• Experience of RDBMS, preferably Oracle or PostgreSQL
• Practical knowledge of and experience employing sound engineering principles and problem-solving methods
• Good working knowledge of best practices for coding including clear comments, source control, and code reviews
• Bachelor of Science in Computer Science, Information Security, Information Technology, Cyber Security, or related equivalent
• Must be a U.S. citizen
• Cannot be a dual citizen of another country
• Ability to successfully achieve and retain DoD TS clearance

Responsibilities

• Perform threat modeling, risk analysis, and risk assessments for the product and supporting infrastructure
• Perform security trade-off analysis to support technical and architectural decisions
• Develop and maintain security processes and procedures for the product and supporting infrastructure
• Act as a subject matter expert (SME) for security tools, applications and processes
• Review and assess technology services, applications, development processes, and organizational controls to determine gaps for meeting security requirements
• Design and implement changes to existing security tools, applications and processes based on changes in scope or needs
• Work directly with internal infrastructure teams to align and execute infrastructure changes to support the tools, applications and processes
• Vet security requirements for acceptance of new technology systems into products
• Provide routine communications and reports to stakeholders
• Collaborate with development teams to design secure applications
• Automate and maintain build, testing, and deployment pipelines
• Ensure code quality through automated testing and static analysis tools
• Implement and maintain security controls and compliance checks in CI/CD pipelines
• Monitor and manage application and infrastructure security vulnerabilities
• Work with a scrum team to break down features into stories and work together to size the stories
• Develop high quality code/work products from User Stories for delivery to IDEMIA customers
• Maintain application and infrastructure security for multiple operating systems including Linux and Windows
• Identifies technical path and plans work independently
• Assists other staff to develop technical paths and plan work
• Takes on tasking outside their existing technical expertise to build additional technical skills
• Communicate impediments and issues to a scrum team
• Provides support to other staff to help them identify technical blockers, root, and proximate causes, and identify when to escalate
• Learn and follow team standards and practices
• Actively participate in team code reviews as a presenter and a reviewee
• Actively share knowledge with their team and peers
• Participate in team presentations at Agile Release Train ceremonies
• Leads activities to develop/improve standards
• Review team backlog and identify work assignments
• Works with other team members to validate technical paths
• Works with other team members to develop timelines for work assignments
• Work closely with scrum team to meet sprint goals
• Self-manager who researches current and emerging technologies and adheres to best practices

Preferred Qualifications

• Proficient in Microsoft Products (Word, Excel, Outlook, SharePoint, Teams)
• Agile/Scaled Agile Framework certifications/training
• Familiarity with DoD Cyber Security Standards including: DISA STIGs, NIST 800-37 (RMF), NIST 800-53 Rev. 5, NIST 800-160 Vol. 1