Engineer III

IDEMIA National Security Solutions (NSS) is the premier provider of integrated identity solutions for United States Government. Our deep understanding of biometric, biographic, credential, and digital forms of identity allows us to guide our clients to achieve their business goals. NSS’ leading software systems; data and analytics offerings; and professional services facilitate and automate many of the business processes for government agencies serving law enforcement, military, and intelligence missions. Must be a U.S. citizen. Cannot be a dual citizen of another country.

Summary

The successful candidate will be expected to work as part of a Scaled Agile Framework scrum team focused on product development and delivery across different customers as well as internal initiatives. The candidate will have experience with the full software development lifecycle along with strong troubleshooting and problem-solving skills. The ideal candidate will have experience with architecture, design, testing, and implementing security solutions for software applications and supporting infrastructure and be capable of working without regular supervision and assist other staff with planning and executing work.

Primary Responsibilities

In support of Product Development and Software Development teams:

• Perform threat modeling, risk analysis, and risk assessments for the product and supporting infrastructure.
• Perform security trade-off analysis to support technical and architectural decisions
• Develop and maintain security processes and procedures for the product and supporting infrastructure.
• Act as a subject matter expert (SME) for security tools, applications and processes.
• Review and assess technology services, applications, development processes, and organizational controls to determine gaps for meeting security requirements.
• Design and implement changes to existing security tools, applications and processes based on changes in scope or needs.
• Work directly with internal infrastructure teams to align and execute infrastructure changes to support the tools, applications and processes.
• Vet security requirements for acceptance of new technology systems into products.
• Provide routine communications and reports to stakeholders.
• Collaborate with development teams to design secure applications.
• Automate and maintain build, testing, and deployment pipelines.
• Ensure code quality through automated testing and static analysis tools.
• Implement and maintain security controls and compliance checks in CI/CD pipelines
• Monitor and manage application and infrastructure security vulnerabilities.

As a Scrum Team Member

• Work with a scrum team to break down features into stories and work together to size the stories.
• Develop high quality code/work products from User Stories for delivery to IDEMIA customers.
• Maintain application and infrastructure security for multiple operating systems including Linux and Windows.
• Identifies technical path and plans work independently.
• Assists other staff to develop technical paths and plan work.
• Takes on tasking outside their existing technical expertise to build additional technical skills.
• Communicate impediments and issues to a scrum team.
• Provides support to other staff to help them identify technical blockers, root, and proximate causes, and identify when to escalate.
• Learn and follow team standards and practices.
• Actively participate in team code reviews as a presenter and a reviewee.
• Actively share knowledge with their team and peers.
• Participate in team presentations at Agile Release Train ceremonies.
• Leads activities to develop/improve standards.
• Review team backlog and identify work assignments.
• Works with other team members to validate technical paths.
• Works with other team members to develop timelines for work assignments.
• Work closely with scrum team to meet sprint goals.
• Self-manager who researches current and emerging technologies and adheres to best practices.

Qualifications / Technical Expertise

• Five+ years of IT security, cybersecurity, or application security experience.
• Strong understanding of DevSecOps processes and tools.
• Experience with CI/CD pipelines, preferably with Gitlab.
• Experience with cloud development in AWS or Azure.
• Strong oral and written communication skills.
• Experience of Linux, shell and scripting languages.
• Experience of JIRA, Confluence, VNC, Git/Gitlab, and/or other similar products.
• Experience of RDBMS, preferably Oracle or PostgreSQL
• Practical knowledge of and experience employing sound engineering principles and problem-solving methods.
• Good working knowledge of best practices for coding including clear comments, source control, and code reviews.

Preferred Experience

• Proficient in Microsoft Products (Word, Excel, Outlook, SharePoint, Teams)
• Agile/Scaled Agile Framework certifications/training.
• Familiarity with DoD Cyber Security Standards including:
• DISA STIGs
• NIST 800-37 (RMF)
• NIST 800-53 Rev. 5
• NIST 800-160 Vol. 1

Education

• Bachelor of Science in Computer Science, Information Security, Information Technology, Cyber Security, or related equivalent. Years of service may be substituted for Education.
• Travel Requirement, Working Conditions and Physical Demands:
• Some travel may be required
• Normal office working conditions and physical demands
• Ability to successfully achieve and retain DoD TS clearance

________________________________________________________________________________________________________

*****Must be a US Citizen, without Dual Citizenship*****

IDEMIA National Security Solutions (NSS) is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other protected characteristics.

Equal Opportunity Employer Statement:

It is the policy of NSS to provide equal employment opportunities to all qualified employees and applicants for employment without regard to race, color, religion, national origin, ancestry, sex, gender identity, age, disability, participation in discrimination complaint-related activities, sexual orientation, genetics, or active military or veteran status, or any other protected characteristic, by either employees or non-employees. This non-discrimination policy applies to all employment procedures, including, but not limited to, recruiting, hiring, placement, promotion, transfer, training, compensation, termination, reduction in force, and all company-sponsored activities.

Affirmative Action Statement:

NSS has adopted an Affirmative Action Plan (“AAP”) and is committed to making a good faith effort toward achieving the objectives of the plan. It is the policy of NSS to base employment decisions on the principles of Equal Employment Opportunity (“EEO”) and to take Affirmative Action in the employment of women, minorities, individuals with disabilities and veterans.

We are an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.

As a government contractor, NSS abides by the following provision:

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractors legal duty to furnish information. 41 CFR 60-1.35(c).