Description Summary
We are looking for a Security Specialist to enhance the security of a large, cloud-based web
services platform. As part of a DevSecOps-Cybersecurity team, you will provide cybersecurity
expertise and work with application developers, software architects, and other engineers to
continuously evaluate the cybersecurity posture of the system and find systematic ways of
improving security. You will spearhead the adoption of security technology with hands-on effort,
and then work closely with the DevSecOps, Site Reliability Engineering, Development, and
Architecture teams to automate security tests, tools, and configurations into the environment.
You will work closely with the DevSecOps team who will add automated security tests to
deployment pipelines and set evaluation criteria to automatically pass or fail changes to the
system. You will work with the site reliability team to monitor and respond to cybersecurity
threats. You will stay informed of evolving cybersecurity threats and adjust system security
checks to protect the system from those threats. Finally, should a cybersecurity incident occur,
you will analyze it and work with the team to respond to the threat. In summary: the Security
Specialist will be a key resource on the cybersecurity team responsible for making sure systems
and infrastructure are secure.
What you will do:
- Put the “Security” in DevSecOps!
- Define the system security policies based on all relevant security standards
- Work with the DevSecOps team to engineer security tests into automated deployment
pipelines
- Help implement vulnerability assessments and configure audits of operating systems, web
servers, and databases and detect patterns, insecure features, and malicious activities in
the infrastructure
- Create and maintain the System Security Plan that outlines all security practices,
procedures, standards, and tools. Explain in the plan how security regulation and best
practices are applied to continually evaluate system security.
- Provide expertise on incident analysis, root cause analysis and problem resolution
- Conduct cybersecurity threat and risk analysis on existing systems and technologies
- Assist in response security events and escalations
- Support the Risk Management Framework requirements to automatically generate artifacts and other evidence of security; provide written analysis in support of RMF
- Provide expertise on a broad range of Cyber Security standards and best practices
- Help create standards for security tests, logging requirements, and alerts to find signs of threats to the systems for which you are responsible
- Work with software developers, DevSecOps, and the Site Reliability team to mitigate security issues and monitor security compliance
- Create and maintain enterprise security documents (policies, standards, secure configuration baselines, guidelines, and standard operating procedures)
- Conduct research into IT security issues and products as required and make recommendations
- Maintain current knowledge of information security trends, threats and responses.
- Participate in all aspects of Information Security Operations
What we like to see:
- Process driven approach to cybersecurity
- A solid understanding of DevSecOps tools and techniques
- A passion for automation
- Ability to clearly articulate security threats, and recommend preventative measures
- In-depth understanding of vulnerabilities, management systems, and common security
applications
- Experience with cybersecurity tools including static code analyzers, dynamic code
analyzers, tools to evaluate software supply chain vulnerabilities, and tools for security
logging and analysis.
- Hands-on experience analyzing designing monitoring systems and analyzing data, and
other attack artifacts in support of incident investigations
- Familiarity with the DOD security standards and regulation.
- A team player: you will be a part of a core team and will support 3 – 4 other teams
- Excellent communication skills. You will communicate with members of the project team
daily and provide written communication in the form of guidance, policy documentation, troubleshooting guides, incident analysis, and presentation slides about team security processes and standards
- Curiosity, and a desire to learn new things
You Should be familiar with:
- Cybersecurity standards and trends
- DISA Security Technical Implementation Guidelines (STIGs)
- Cloud-native technologies and cloud-based security, with particular focus on Amazon Web
Services (AWS)
- Familiarity with one or more software programming or scripting language
Qualifications:
- 5+ years of experience with Cyber Security or Information Security
- Qualified as a CISSP with a currently active certification
- Bachelors Degree in computer science, information systems or an equivalent amount of
experience in this field.
This position is a remote position, however you must live within 50 miles of Scott AFB, IL. You will be required to support in-person meetings or on-site work 5 – 6 days per month.
This position requires you to be a US Citizen and be able to obtain and maintain a government clearance.