Application Security Engineer, Senior
Camp Lejeune, North Carolina, United States
- Provide cybersecurity guidance and direction in the design, development and implementation of automated solutions, based on a set of standards and processes that enable CI/CD developers to easily apply cybersecurity and compliance services.
- Responsible for, support of, and coordinating with other Engineers, Architects, and teams in implementing a comprehensive cloud and application cybersecurity program in a DevOps environment.
- Automate cybersecurity testing using a variety of architectures and cutting-edge technologies.
- Design, execute, and maintain automated cybersecurity testing for web applications (apps), mobile apps, and application programming interfaces (APIs).
- Actively review and implement improvements to drive continuous improvement of the efficiency, speed, and quality of the CI/CD DevSecOps environment.
- Leverage DevSecOps tools to build, harden, maintain and instrument a comprehensive cloud-based cybersecurity orchestration platform to be used in product CI/CD pipelines.
- Integrate cybersecurity practices across the continuous delivery pipeline to provide a comprehensive automated cloud and application cybersecurity solution.
- Perform risk and vulnerability assessments of CI/CD IT and IS platforms for authorization; prepare risk assessment reports for submission to the SCA and AO in accordance with DoD, USCYBERCOM, USSOCOM policies, procedures, and regulations.
- Coordinate, manage and facilitate CI/CD application cybersecurity compliance processes with internal and external stakeholders to provide timely deliverables and rapid remediation.
- Support the development of standards by creating templates and patterns for ease of use and increase the productivity of the cybersecurity program
- Foster, and build a community of practice for collective learning of the cybersecurity tools, practices, and systems across all disciplines.
- Maintain application cybersecurity toolsets used in the development pipelines. Work hand in hand with developer teams to implement testing into their pipelines.
- Professional curiosity that leads to learning and staying current with business best practices.
- Work with leadership to identify and revise cybersecurity testing approaches.
- Able to work on multiple projects and prioritize accordingly.
Requirements
- Experience with CI/CD DevSecOps integration with tools such as Jenkins, JIRA, GitLab, and Bitbucket Strong experience in cloud and application cybersecurity domains.
- Experience with OR knowledge of supporting Cloud based platforms (Google, Microsoft, Amazon Web Services (AWS), and Military Cloud (MilCloud))
- Experience with OR knowledge of Open Containers Initiative (OCI) compliant containers and OpenShift Container Platform technology utilizing Kubernetes orchestration technology.
- Strong and evolving competence in one or more programming languages and scripting using Python, Personal Homepage (PHP), Just Another Virtual Architecture (JAVA), JAVA Script, Power Business Intelligence (BI) and .Net Core.
- Experience with container cybersecurity solutions such as Twistlock and Claire to scan for vulnerabilities within OCI containers.
- Have used source control (github/gitlab) to manage code.
- Experience working in a Linux or Universal Network Information Exchange (UNIX) based environment.
- Extensive experience in implementing and enforcing application cybersecurity and vulnerability management.
- Thorough understanding of release strategies that minimize or eliminate application downtime.
- Experience with Change Management and Ticketing Systems (Remedy).
- A good understanding of the Software Development Life Cycle (SDLC) and Agile software development methodology
- Experience with OR knowledge of the Risk Management Framework (RMF), Security Technical Implementation Guides (STIGs) and NIST regulations
- Active TS/SCI clearance required.
- Bachelor’s degree
- 8+ years relevant experience
- IAT Level II
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security AWS Bitbucket CI/CD Clearance Clearance Required Cloud Compliance DevOps DevSecOps DoD GitHub Java Jira Kubernetes Linux NIST PHP Python Risk assessment Risk Assessment Report Risk management Scripting SDLC TS/SCI Twistlock UNIX Vulnerabilities Vulnerability management
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs