DevSecOps ENGINEER
Overview:
Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and 8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Arlington, VA; Aberdeen, MD; Colorado Springs, CO; Shalimar, FL; and Tupelo, MS.
Mission:
As a DevSecOps Engineer, you will work hands-on as a member of the Software Assurance Team (SwA) to ensure the secure development of software. You will work with the team to review results from various tools (SonarQube, Sonatype, Fortify, etc.) as well as work closely with the development team to remediate vulnerabilities found in the source code, justify false positives, and create containerized versions of our applications.
Responsibilities:
- Manage security measures for containerized services using Docker, Kubernetes, and similar technologies.
- Develop and maintain documentation related to DevSecOps processes and tools.
- Monitor security tools in the development pipeline and adjust as necessary to improve automation and effectiveness.
- Collaborate with developers to enforce standards and to identify and mitigate security risks.
- Integrate security tools into CI/CD pipelines to ensure secure deployment practices and minimize vulnerabilities.
- Secure system configurations and install security tools; scan systems to determine compliance and report results; and evaluate products and various aspects of system administration.
- Conduct security program audits and develop solutions to mitigate risks.
- Evaluate, develop and enhance security assessment capabilities.
- Perform vulnerability assessments including development of risk mitigation strategies.
- Apply science and/or engineering techniques to develop cybersecurity controls for information system, network and/or application design
- Ensure cybersecurity controls are effectively implemented early in the system design and engineering process to enable the technology to be used at the minimal acceptable level of risk
- Serve as a cybersecurity technical expert that participates in critical system development review meetings as part of the acquisition life cycle
- Promote the design and development of secure interface specifications between interconnected systems and develop interface control documentation
- Conduct analysis of and document ports, protocols and services used in information systems and/or networks
- Design, develop, integrate, and update system security measures (including policies and requirements) that provide confidentiality, integrity, availability, authentication, and non-repudiation of information systems, networks, components, and/or applications that are consistent with technical specifications
- Conduct analysis of requirements for cross domain solutions, test cross domain solutions and make implementation recommendations
- Analyze and resolve cybersecurity technical problems
- Configure testbeds and conduct testing, record and analyze results, and provide recommendations for improvements for the products/systems under test
- Identify threats and vulnerabilities, develop risk analyses and risk assessment documentation, and research and develop countermeasures to those threats and vulnerabilities
- Promote secure engineering techniques, principles, architectures, and designs within the organization and with external stakeholders. Techniques for doing so include, but are not limited to, authoring white papers, creating and delivering presentations, and participating in or leading working groups or integrated product teams
Required Skills and Qualifications:
- Must have a bachelor's degree in Computer Science or related engineering or scientific field of study from an accredited college or university.
- Must have Secret security clearance and be able to obtain Top Secret/SCI
- Must have IAT level II baseline certification
- Must have Computing Environment (CE) certification
- Must have a minimum of two (2) years of experience, of which at least one (1) must be specialized experience including cybersecurity analysis and implementation of cybersecurity technical controls
- Must have strong experience in C# and .NET programming languages.
- Must understand heterogeneous information systems and networking technologies
- Must understand information system ports, protocols and services
- Must understand interface standards specifications and information system programming techniques, best practices and standards
- Must have and maintain an appropriate DoDI 8570.01-M (Information Assurance Workforce Improvement Program) certification for the appointed duty level
- Must have experience with tools like Azure DevOps, GitLab, SonarQube, Sonatype, Burp Suite Professional and AWS GovCloud.
- Must be proficient with containerized deployments of applications using AWS EKS, Helm Charts, or other containerization platforms.
- Must have knowledge of scripting languages such as PowerShell.
- Must be proficient in creating containerized applications.
Desired Skills and Qualifications:
- Experience with PowerShell or other scripting languages
- Experience with Amazon Web Services (AWS) architectures and security
- Experience with secure container deployments and setting up and configuring containerized environments.
- Strong communication skills, specifically when interacting with cybersecurity teams and development teams.
- Ability to configure and maintain automated pipelines within DevOps environments.
- Develop automated capabilities.
- Ability to implement DevSecOps compliance standards set forth by the Army.
Quantum Research International is an Equal Opportunity Employer / Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.