SAIC is seeking a Cybersecurity DevSecOps Engineer to support the ITO Cyber Engineering / Architecture team. This is a remote position.
This position will report to the Cyber Security Engineering / Architecture Manager. This role is a key business enabler and will provide information on security risk analysis and strategic recommendations for the ongoing improvement of Information Security within the organization. The candidate should have deep programming, security, data, and operational experience. This position will require expert engineering knowledge of enterprise IT and security solutions to design, develop and/or implement solutions to ensure they are consistent with enterprise architecture security policies. This is critical to the success of the organization by providing high confidence in understanding the attack surface of our infrastructure. This position includes security control design and solution planning at the system, mission, and enterprise level, security-in-depth/defense-in-depth, and other related DEVSECOPs/IAM/ISSO/ISSE support functions. The candidate will be involved in a wide range of security issues including, but not limited to, code development, software development architecture and build pipelines, infrastructure architecture, firewalls, electronic data traffic, and network access.
- Drive security implementation across several enterprise platforms and applications to ensure ITO Cyber DEVSECOPs standards are met.
- Provide security input to the SAIC ITO DEVSECOPs teams; provide guidance for Cloud security in highly regulated Cloud SaaS, IaaS, and PaaS environments.
- Support Security Engineering / Architecture efforts and Cyber Roadmap development and maturation.
- Perform detailed system analysis and develop recommendations for improvement of the SAIC Cyber posture.
- Experience with Continuous Integration and Continuous Delivery pipelines (CI/CD).
- Ability to meaningfully participate in code reviews and provide security guidance to software development teams.
- Knowledge of vulnerabilities in various operating systems, databases and networks in relation to hardening, configuration, deployment and administration.
- Possesses strong understanding of networking concepts, network security architecture and common modern operating systems, including Windows, Mac OS X, Linux, UNIX, and mobile device platforms including Android and iOS.
- Excellent written and verbal communication skills.
- Organizational skills; the ability to multitask; attention to detail.
- Customer service-oriented team player; the ability to provide guidance and support to subordinates and other team members.
- Interpersonal skills; the ability to communicate security issues to peers and management.
- Knowledge of industry standards relating to Vulnerability Management including Common Vulnerabilities and Exposures (CVE), Common Vulnerability Scoring System (CVSS) and Open Web Application Security Project (OWASP).
- Expert knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001/27002).
- Knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
- Must be a US Citizen.
- Experience with automated software security testing methodologies (SAST/DAST/SCA).
- Familiarity with microservice architectures and cloud-native technologies.
- Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required.
- Possession of industry certifications highly preferred, including, but not limited to, CompTIA Advanced Security Practitioner, Security+, and Certified Information Systems Security Professional (CISSP).
- Familiarity with NIST Security Engineering methodology, Cyber Maturity Model Certification (CMMC), and Defense Contract Management Agency (DCMA) requirements.
- Demonstrated ability to work in a fast-paced, deadline-driven environment.
- Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
- Maintain roadmaps, which include product selection, versions, upgrades, projects and milestones.
- Recommend and implement appropriate security tools to enhance security posture.
- Bachelor’s Degree and 5+ years of experience, or Master’s Degree and 3+ years of experience. Additional experience may be considered in lieu of a degree.
Target salary range: $95,001 - $105,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.