Information Systems Security Engineer - Reston, United States - Mantis Security Corporation

    Description


    Mantis Security is a leading specialty firm of high caliber talent who specialize in Cyber Operations, Cyber Defense, Information Assurance, Software Development, DevSecOps, Security Engineering, and Cloud Engineering.

    We enable and protect our nation's most important IT assets and invest in the long-term career development of every employee. We are currently looking for the next Information Systems Security Engineer (ISSE) to join our team of experts. You will support the security engineering and security requirements for custom-built applications and information systems and support the agency's Assessment & Authorization (A&A) process.

    The ideal candidates are comfortable working with software developers and architects, and with program Information System Security Officers (ISSOs), to ensure appropriate security measures per ICD 503 and NIST security controls.

    You will support security engineering technical meetings and requirements analysis in areas of cloud, container security, DevSecOps, and platform security in order to ensure security measures are modernized.


    Responsibilities:
    Develop and improve security architectures for applications, information systems, and microservices.
    Lead the analysis of security requirements and provide implementation recommendations to developers and systems engineers
    Provide security engineering input to assigned programs throughout the program lifecycle to ensure systems meet ICD-503 controls
    Leverage DAST and SAST tools provided by agency's DevSecOps CI/CD toolchain to analyze static code and dynamic code for known vulnerabilities and work with developers, ISSO, and SCAs to ensure adequate remediation
    Analyze code for known vulnerabilities using Fortify and work with developers to mitigate findings
    Analyze runtime security of applications using OWASP ZAP or Arachni (dynamic application security testing)
    Employ best practices when implementing security controls within an information system to include software engineering methodologies, system/security engineering principles, secure design, secure architecture and secure coding techniques
    Design unclassified and classified environments that leverage AWS clouds and Azure clouds
    Work with team to configure and maintain Virtual Machines (EC2 instances) that align with security requirements
    Support application development or infrastructure development teams in the review of their security engineering requirements
    Implement DevOpsSec initiatives in the implementation of the DevOpsSec Framework for IC IE
    Support regular review of AWS security settings, IAM roles, privileges, and environmental settings
    Perform vulnerability testing, risk analyses and security assessments
    Research security standards, security systems and authentication protocols
    Test security structures to ensure they behave as expected
    Determine the most effective way to protect applications, networks, and information systems against external and insider threats

    Requirements:

    Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph
    Bachelor's degree in computer science, cyber security, or a related technical field, with 8+ yrs. experience with information systems development and security; an additional 4 years of experience may be substituted in lieu of a degree
    Advanced knowledge in two or more of the following areas:
    DevOps methodologies, CI/CD tools, practices (GitHub, Git, Jenkins, Artifactory, Nexus, etc.)
    Agile or Scrum methodology
    AWS Security Configuration
    Software Development in Java, Python, Ruby and/or C++
    Linux Expertise (RedHat/RHEL or CentOS preferred)
    Dynamic & Static Application Security Scanning (e.g., Arachni, OWASP ZAP, BurpSuite, Fortify, Checkmarx, etc.)
    Virtualization and containers (EC2, Docker)
    Infrastructure Security Scanning, Vulnerability Scanning (Twistlock, ACAS/Nessus)
    Experience with Xacta, eMASS, or equivalent IA management software is desired
    Understanding of STIGs and CIS Benchmarks
    DoD 8570 certification

    We believe that our strength is in our employees.

    We offer employees the chance to work with great people on projects of high importance and are committed to providing the best culture that fosters technical innovation and personal growth.

    To help our staff achieve a productive work-life balance, we offer a full range of highly competitive benefits for our employees and their families.

    For more information visit our website at