DevSecOps Cyber Security Engr

Company: Disability Solutions
Location: El Segundo
Posted on: November 20, 2023

Job Description:

Job DescriptionENSCO is seeking an innovative, creative, and highly motivated individual to support the U.S. Space Force, Space Systems Command's MILSATCOM Program through the MILSATCOM Systems Engineering, Integration and Test (MSEIT) contract. This position, located in El Segundo, CA, will support a diverse set of strategic MILSATCOM systems and infrastructure in a multidisciplinary and collaborative environment.Duties include:--- Systems Engineering: Perform systems engineering activities in the areas of cybersecurity, Assessment & Authorization (A&A), cryptographic System Security Engineering (SSE), and Certification & Accreditation (C&A), in accordance to NIST 800-53 RMF and NSA requirements and regulations.--- Code and Container Security Scanning: Implement, manage, and fine-tune code and container security scanning tools to identify potential vulnerabilities in our software applications and infrastructure.--- Infrastructure and Application Vulnerability Assessment: Utilize tools like Nessus, BurpSuite, OWASP ZAP and others to test and identify vulnerabilities in infrastructure and applications.--- Vulnerability Management: Analyze scan results, prioritize vulnerabilities based on risk, and work closely with development teams to remediate identified issues.--- Software Dependency Management: Work closely with development team in tracking and updating software dependencies for remediating security vulnerabilities.--- Package Management: Work proficiently with package managers of Java, Python, JavaScript, and Go, ensuring that software dependencies are up-to-date and secure.--- Process Improvement: Continually evaluate the effectiveness of current scanning practices and tools and recommend enhancements or changes when needed.--- Collaboration: Work closely with development teams to instill secure coding practices through training, peer reviews, and collaboration. Interface with Space Force customer, system stakeholders, and external contractors to coordinate cybersecurity/cryptographic requirements and architecture flow down from the system level to individual elements of the system.--- Threat Modeling and Risk Management: Contribute to threat modeling exercises to identify potential risks and guide development teams in addressing those risks. Apply risk management concepts to mitigate vulnerabilities in system security architectures.--- Research: Stay updated with the latest in cybersecurity threats, vulnerabilities, and mitigation techniques to ensure our tools and practices are always current.--- Documentation: Maintain detailed documentation of security scanning processes, decisions, and justifications.--- Incident Response: Assist in cybersecurity incident response activities, when required, particularly in relation to code-based vulnerabilities.Qualifications Required (Skills)--- Bachelor's degree in engineering, computer science or technical equivalent.--- 5+ years of related experience to include: o 3+ years of work experience in Information Assurance (IA)/Cyber Security o 2+ years of experience with code security scanning tools like SonarQube, OWASP Dependency Check, Veracode, and vulnerability testing tools such as Nessus, BurpSuite, OWASP ZAP. o 2+ years of experience with Linux and scripting languages such as Python or bash scripting.--- Understanding of the discipline and practice of Systems Engineering throughout the system lifecycle phases of concept, development, production, use, support, and retirement.--- Deep understanding of secure coding practices and common programming vulnerabilities (e.g., OWASP Top 10).--- Understanding of git version control for managing codebase changes, especially in relation to dependency updates.--- Understanding of Docker container management.--- Understanding of modern computing architectures including CI/CD, microservices, cloud technologies.--- Strong analytical, troubleshooting, and problem-solving skills.--- Effective communication skills, both written and verbal.--- Strong interpersonal, organizational, and teambuilding skills.--- Strong writing and oral presentation skills; ability to write final-version deliverable technical documents and reports.--- US Citizenship and ability to obtain a DoD Secret clearance.Qualifications Desired--- Master's degree in Computer Science/Engineering with emphasis in IA/Cyber Security.--- 5+ years of work experience in IA/Cyber Security.--- 2+ years of experience with integrating security tools into CI/CD pipelines (GitHub Actions, GitLab CI/CD, Jenkins or other similar CI/CD platforms).--- NIST 800-53 and CNSSI 1253 RMF Analysis and Accreditation--- Network Engineering--- Communications Systems--- Security Test and Evaluation (ST&E)--- Security certification (CISSP)--- Hands-on experience with Docker security tools (Anchore grype/syft, Aqua trivy or similar tools).--- Hands-on experience with package managers for languages such as Java, Python, JavaScript, and Go.--- DoD Space program experience.--- Active Secret clearance or higher#LI-TL1Division DescriptionENSCO has been delivering engineering, science, and advanced technology solutions to complex priority programs since 1969.ENSCO operates in the aerospace, avionics, national security, rail, and cyber sectors. ENSCO is a small business with 721 employees strong where our Mission Systems Group (MSG) makes up two-thirds of the company. MSG headquarters are located in Cocoa Beach, FL., with facilities and capabilities in Colorado Springs, CO., El Segundo, CA., Orcutt, CA., Endicott, NY, Melbourne, FL., and Springfield, VA. MSG delivers engineering and technologies for aerospace, cybersecurity, avionics, national security programs, and meteorological systems for government and commercial customers. ENSCO is a family-owned award-winning culture where our model is "we take care of our employees who take care of our customers." This is a simple but effective strategy that has brought us impressive results over the last 53 years. ENSCO has received many awards such as the 2021 Top Workplace and 2021 Workplaces Technology Awards, which attest to the high standard our employees rate ENSCO during surveys. ENSCO also has a diverse portfolio of benefits such as a flexible work schedule, training, and professional development resources, remote work options, strong work/life balance, and tuition assistance. At ENSCO, you can build your career no matter the stage of your career- college student, new graduate, experienced professional, or transitioning military. Adding to our awards, ENSCO has been recognized for its outstanding culture with several awards including the U.S. Department of Labor Hire Vets 2021 Gold Award, Diversity Jobs Top Employer in 2022, and Top Workplaces 2022. ENSCO engineers bring innovative solutions to complex problems, keeping our nation and its citizens safe. ENSCO has earned the trust of the United States Armed Forces by focusing on areas of national priority, and we salute their sacrifices. We take pride in retaining those highly trained veterans of our highly skilled diversified team. The ENSCO Corporate Office is located in Springfield, VA.Strength in DiversityENSCO, Inc. and its wholly owned U.S. subsidiaries are equal opportunity/affirmative action employers, committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status, or any other protected characteristic under state or local law.

Keywords: Disability Solutions, Los Angeles , DevSecOps Cyber Security Engr, Other , El Segundo, California