We are seeking a Subject Matter Expert (SME)levelLead Security Engineer to lead application security across a large-scale cloud-native federal modernization program. This role provides technical and management leadership on major security tasks embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOpsmethodology. The ideal candidate will architect and enforceZero Trustprinciples driveAuthorization to Operate (ATO)activities and directapplicationsecurity testing threat modeling and vulnerability remediation across a System of Systems (SoS). This positioninterfaces withsenior Government stakeholders and the Office of Information Security (OIS) and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.
What Youll be Doing:
Lead the design and implementation of application security solutions frameworks and processes across all phases of the SDLC
ImplementZero Trust (ZT) principlesfor applications workloads and data aligned with EO 14028 OMB M-22-09 and NIST SP 800-207 (Zero Trust Architecture)
Integrate security into DevSecOpsCI/CD pipelines establishing security gates automated code inspection and supply-chain controls including Software Bill of Materials (SBOM) generation
Direct Static and Dynamic Application Security Testing (SAST/DAST) vulnerability assessments and penetration testing toidentify triage and remediate security weaknesses
Lead threat modelingexercises to analyze application architectureidentifyattack vectors and document mitigation strategies throughout design development testing and deployment
Support the Authorization to Operate (ATO)process including security control assessment artifact and evidence collection Privacy Threshold Analysis/Privacy Impact Assessment support and Plan of Action and Milestones (POA&M) management
Implement security controls in accordance with theNIST Cybersecurity Framework and NIST SP 800-53 and remediate identified vulnerabilities and compliance findings
Design and implement secure architecture patterns secure API design authentication/authorization input validation encryption secure logging and monitoring (SIEM) and secure error/session/configuration management
Develop and maintainmetrics dashboards and reportingto track application security posture threat trends and remediation progress over time
Support the development and management of Interagency Security Agreements (ISA) security playbooks and incident responsein accordance withcurrent cybersecurity policies
Collaborate with application developers data engineers systems engineers and OIS to identify and mitigate vulnerabilities and provide expert security consultation to development teams
Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results as applicable
Required Education Experience and Skills:
Bachelors degreein Information Technology Computer Science Cybersecurity or a related field
15 yearsof relevant IT/cybersecurity experience providing technical and management leadership on major tasks or technology assignments (SME level)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Demonstrated expertise in integrating security into a DevSecOpsSDLC including CI/CD security gates and automated security testing
Hands-on experience implementing Zero Trust Architectureand applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
Proven experience leading vulnerability assessments penetration testing and threat modelingfor enterprise applications
Experience supporting the ATO lifecycleand managing POA&Ms security artifacts and evidence collection
U.S. Citizenship required
Preferred Skills and Experience:
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Experience generatingSoftware Bill of Materials (SBOMs)and implementing software supply-chain security controls
Familiarity with SIEMdeployment container/image hardening and secure baseline configuration
Experience in large-scale multi-cloud federal environments and FedRAMP processes
Strong analytical problem-solving written and verbal communication skills including the ability to brief senior Government stakeholders
Our estimated salary range for this position is $120000 - $190000; this presented salary range is not a guarantee of compensation or salary. Offered salary is based on experience geographic location and possibly contractual requirements as appropriate to the role. *Salary could fall outside of this range.
Who We Are
Dev Technology is a growing IT company with an employee-centric culture that works on mission-critical projects for the federal government. We partner with our federal customers to deliver technology services and solutions and to drive our clients missions forward through innovation. We use Agile and DevSecOpsprinciples to provide services including application development biometrics and identity management cloud and infrastructure optimization IT and legacy modernization and data management.
As a Washington Post Top Workplace award winner for the past THIRTEEN years in a row the Top Workplaces USA for the past five years and a recipient of the Companies As Responsive Employers (CARE) Award for the past six years Dev Technology employees enjoy:
Generous and flexible time-off policy
Flexible work schedules and telework options including remote work availability for eligible projects
Career development opportunities including a mentorship program technical and management training through Dev University hands-on learning through DevLab tuition reimbursement and paid training opportunities
Industry-leading benefits including a choice of two health plans that include dental and vision flexible spending account commuter benefits life insurance and more
401K matching with a 5% matching contribution
Regular team and company social events including our annual party happy hours fitness challenges and more
A focus on community engagement including company wide support activities employer match for donations and time off for volunteer efforts
To learn more about working at Dev Technology visit Working At Dev Technology Group
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
Dev Technology Group operates in the following states: AL AR AZ CO DC FL GA ID IL IN MD MA ME MI MN MO MS NC NJ OH OR PA SC TN TX VA WV.
SMS Terms and Privacy Notice
Dev Technology Group offers you the option to engage in SMS text conversations about your job application. By participating you also understand that message frequency may vary depending on the status of your job application and that message and data rates may apply. Please consult your carrier for further information on applicable rates and fees. Carriers are not liable for delayed or undelivered messages. Reply STOP to cancel and HELP for help. By opting-in to receiving SMS text messages about your job application you acknowledge and agree that your consent data mobile number and personal information will be collected and stored solely for the purpose of providing you with updates and information related to your job application. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Required Experience:
IC
Lead Security Engineer #1073Security Requirement: U.S. Citizenship requiredWork Location:Suitland MDWe are seeking a Subject Matter Expert (SME)levelLead Security Engineer to lead application security across a large-scale cloud-native federal modernization program. This role provides technical and m...
Lead Security Engineer #1073
Security Requirement: U.S. Citizenship required
Work Location:Suitland MD
We are seeking a Subject Matter Expert (SME)levelLead Security Engineer to lead application security across a large-scale cloud-native federal modernization program. This role provides technical and management leadership on major security tasks embedding security into every phase of the System Development Life Cycle (SDLC) using a DevSecOpsmethodology. The ideal candidate will architect and enforceZero Trustprinciples driveAuthorization to Operate (ATO)activities and directapplicationsecurity testing threat modeling and vulnerability remediation across a System of Systems (SoS). This positioninterfaces withsenior Government stakeholders and the Office of Information Security (OIS) and decision-making and domain knowledge may have a critical impact on overall program implementation. May supervise others.
What Youll be Doing:
Lead the design and implementation of application security solutions frameworks and processes across all phases of the SDLC
ImplementZero Trust (ZT) principlesfor applications workloads and data aligned with EO 14028 OMB M-22-09 and NIST SP 800-207 (Zero Trust Architecture)
Integrate security into DevSecOpsCI/CD pipelines establishing security gates automated code inspection and supply-chain controls including Software Bill of Materials (SBOM) generation
Direct Static and Dynamic Application Security Testing (SAST/DAST) vulnerability assessments and penetration testing toidentify triage and remediate security weaknesses
Lead threat modelingexercises to analyze application architectureidentifyattack vectors and document mitigation strategies throughout design development testing and deployment
Support the Authorization to Operate (ATO)process including security control assessment artifact and evidence collection Privacy Threshold Analysis/Privacy Impact Assessment support and Plan of Action and Milestones (POA&M) management
Implement security controls in accordance with theNIST Cybersecurity Framework and NIST SP 800-53 and remediate identified vulnerabilities and compliance findings
Design and implement secure architecture patterns secure API design authentication/authorization input validation encryption secure logging and monitoring (SIEM) and secure error/session/configuration management
Develop and maintainmetrics dashboards and reportingto track application security posture threat trends and remediation progress over time
Support the development and management of Interagency Security Agreements (ISA) security playbooks and incident responsein accordance withcurrent cybersecurity policies
Collaborate with application developers data engineers systems engineers and OIS to identify and mitigate vulnerabilities and provide expert security consultation to development teams
Assist in FedRAMP certification activities and the assessment/remediation of independent penetration testing results as applicable
Required Education Experience and Skills:
Bachelors degreein Information Technology Computer Science Cybersecurity or a related field
15 yearsof relevant IT/cybersecurity experience providing technical and management leadership on major tasks or technology assignments (SME level)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Demonstrated expertise in integrating security into a DevSecOpsSDLC including CI/CD security gates and automated security testing
Hands-on experience implementing Zero Trust Architectureand applying NIST SP 800-53 controls and the NIST Cybersecurity Framework
Proven experience leading vulnerability assessments penetration testing and threat modelingfor enterprise applications
Experience supporting the ATO lifecycleand managing POA&Ms security artifacts and evidence collection
U.S. Citizenship required
Preferred Skills and Experience:
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Experience generatingSoftware Bill of Materials (SBOMs)and implementing software supply-chain security controls
Familiarity with SIEMdeployment container/image hardening and secure baseline configuration
Experience in large-scale multi-cloud federal environments and FedRAMP processes
Strong analytical problem-solving written and verbal communication skills including the ability to brief senior Government stakeholders
Our estimated salary range for this position is $120000 - $190000; this presented salary range is not a guarantee of compensation or salary. Offered salary is based on experience geographic location and possibly contractual requirements as appropriate to the role. *Salary could fall outside of this range.
Who We Are
Dev Technology is a growing IT company with an employee-centric culture that works on mission-critical projects for the federal government. We partner with our federal customers to deliver technology services and solutions and to drive our clients missions forward through innovation. We use Agile and DevSecOpsprinciples to provide services including application development biometrics and identity management cloud and infrastructure optimization IT and legacy modernization and data management.
As a Washington Post Top Workplace award winner for the past THIRTEEN years in a row the Top Workplaces USA for the past five years and a recipient of the Companies As Responsive Employers (CARE) Award for the past six years Dev Technology employees enjoy:
Generous and flexible time-off policy
Flexible work schedules and telework options including remote work availability for eligible projects
Career development opportunities including a mentorship program technical and management training through Dev University hands-on learning through DevLab tuition reimbursement and paid training opportunities
Industry-leading benefits including a choice of two health plans that include dental and vision flexible spending account commuter benefits life insurance and more
401K matching with a 5% matching contribution
Regular team and company social events including our annual party happy hours fitness challenges and more
A focus on community engagement including company wide support activities employer match for donations and time off for volunteer efforts
To learn more about working at Dev Technology visit Working At Dev Technology Group
Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans
Dev Technology Group operates in the following states: AL AR AZ CO DC FL GA ID IL IN MD MA ME MI MN MO MS NC NJ OH OR PA SC TN TX VA WV.
SMS Terms and Privacy Notice
Dev Technology Group offers you the option to engage in SMS text conversations about your job application. By participating you also understand that message frequency may vary depending on the status of your job application and that message and data rates may apply. Please consult your carrier for further information on applicable rates and fees. Carriers are not liable for delayed or undelivered messages. Reply STOP to cancel and HELP for help. By opting-in to receiving SMS text messages about your job application you acknowledge and agree that your consent data mobile number and personal information will be collected and stored solely for the purpose of providing you with updates and information related to your job application. No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.