Agile DevSecOps Specialist
This program supports our federal customer, who plays a key role in providing direct agile development and security operations support to the Federal Civilian Executive Branch. The program provides software and cyber engineering and integration support to specific Government-sponsored projects, pilots, and prototypes. This includes solution planning and engineering, defining security requirements, target architecture, interoperability and integration, system testing, Verification and Validation, Modeling and Simulation, studies and analysis, post-deployment security validation (PDSV), and project risk management. As part of this team, you will contribute to the engineering of current and emerging agile development and security operations systems, policies, and processes to enforce standards and identify vulnerabilities and capability gaps to reduce cybersecurity risk to our customer's networks.
The Agile DevSecOps Specialist will report directly to the senior program executive group and be responsible for determining and developing innovative approaches for addressing agile development and security operations challenges associated with various software development life cycle (SDLC) methodologies and technologies. Other responsibilities include the implementation and use of agile practices such as Scrum, Kanban, or SAFe; the development and use of automated software testing frameworks for large-scale security-critical software testing to validate that secure coding best practices are being used; the deployment, debugging, and optimization of software solutions using DevOps tools such as Git, Jenkins, or Ansible; the implementation and enforcement of security policies and procedures using DevSecOps tools such as SonarQube, Fortify, or NIST SP 800-53; the provision of technical support and guidance to clients and internal teams on agile development and security operations matters; and the research and evaluation of new agile development and security operations technologies and trends.
- Participate in standards reviews.
- Support attribute-based access control.
- Contribute to operational plans including agile development and security operations technology, storage management, and architectural criteria that promote continual data assessment and audit capabilities for security and quality control.
- Create documentation and contribute to architectural and security efforts in a Cloud environment, specifically AWS GovCloud.
- Support engineering and development efforts working in a SAFe Systems Engineering Lifecycle (SELC) environment.
- Familiarity with agile development methodologies such as Scrum, Kanban, or SAFe
- Programming experience with one or more programming languages such as Python, Java, C#, or Ruby
- Familiarity with automated software testing tools and frameworks such as Selenium, Cucumber, or JUnit
- Experience with DevOps tools such as Git, Jenkins, or Ansible
- Experience with DevSecOps tools such as SonarQube, Fortify, or NIST SP 800-53
- Knowledge of software security best practices such as OWASP- and SANS-identified common security coding flaws, threat modeling, and static/dynamic analysis
- Ability to work under pressure and meet deadlines
- Excellent communication, collaboration, and problem-solving skills
- Must have an active Secret Clearance and be eligible for TS/SCI
- Must be able to obtain DHS EOD.
Current certifications in one or more of the following:
- Scrum Alliance
  - Certified Scrum Master (CSM)
- Scaled Agile
  - SAFe Agilist (SA)
- Certified Secure Software Lifecycle Professional (CSSLP)
- SANS GIAC
  - GWEB (Certified Web Application Defender)
  - GISP (Information Security Professional)
- Certified Application Security Engineer Java (CASE JAVA)
Preferred Education and Certifications:
- Bachelor’s Degree and 10+ years in relevant field, or equivalent experience
- Agile certification and experience
- DevSecOps or DevOps certifications and relevant experience