Security Engineer

Overview/ Job Responsibilities

We are looking for a skilled and motivated Security Engineer to join our team and support our federal customer. In this role, you will play a crucial part in the design, development, and maintenance of user-friendly, responsive web applications and interfaces. Your expertise in front-end technologies and experience working with federal clients will be essential in ensuring the successful delivery of high-quality software solutions that meet the specific needs and security requirements of our federal customer.

The Security Engineer is responsible for doing research, identify, design and implement solutions as well as perform application security vulnerability assessments and scans to identify, evaluate and mitigate security risks, threats and vulnerabilities in AWS cloud and on-prem environments. Responsible for defining and planning processes for implementing security initiatives compliant with customer set security requirements and certifications. Document and communicate all security related configuration and guidelines for the network and cloud teams.

Minimum Qualifications

Primary Responsibilities:

• Responsible for design and automation of security scanning as part of daily integration activities to continuously assess code and remediate vulnerabilities early in the development lifecycle.
• Actively involved at all phases of the development lifecycle to promote code reuse which uses inherited preapproved Risk Management Framework (RMF) controls to achieve faster ATO
• Responsible for confirming security-relevant design changes to Navy ISSM’s and ISSOs for early assessment
• Design integrate custom code to generate security-relevant events for the Navy Information Security, enhancing operational monitoring
• Perform evaluation, onboarding, and manual testing of DOD approved security tools ex SAST, vulnerability and open source scanning into the Security DevOps life cycle
• Define best practices in security hardening, patching, granular role-based access, system administration, and configuration
• Strong working knowledge of NIST 800.37 and 800.53 requirements
• Experience evaluating, documenting, and implementing security controls
• Experience with python scripting is desired
• Good understanding of cloud security concepts

Desired Qualifications

• 3-7 Years of experience in software design and development with at least 3+ years of experience working in a security role handling on-premise and cloud infrastructures
• Extensive experience integrating Security checks in the CI/CD pipeline alongside the Development team
• The Security Engineer should have extensive Scanning experience and familiarity with Static & Dynamic Code Analysis.
• Experience and expertise in secure coding practices and threat modeling
• Strong scripting skills and proficiency with the following scripting languages strongly preferred: Shell, Python, Java
• Excellent communication and written skills
• Able to provide proof of US Citizenship
• Active Secret Clearance

About Sev1Tech LLC

Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies.  Enable better government. Protect our nation. Build better humans across the country.

Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression.  Please apply directly through the website at: https://careers-sev1tech.icims.com/    #joinSev1tech

For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com

Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.