REQ#: RQ57986 Travel Required: Less than 10% Requisition Type: Regular GDIT is looking for a Development Security Operations (DevSecOPS) Engineer to join a cross functional application development team tasked with sustaining a military Command and Control (C2) system and its transition from the existing monolithic software architecture into an architecture using service mesh and microservices. This position is not yet funded. During the transition the team needs to ensure compatibility with currently fielded systems and system variants. Selection for this DevSecOps Engineer position requires: * Certified Information Systems Security Professional (CISSP) certification
* More than two years' experience in system security * More than two years of experience in configuration control, testing, security, automation, containerization, orchestration, and cloud services open source technologies
* Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development
* Significant knowledge of cloud technology, including EC2, IAM, CloudWatch, CloudTrail, Config, Lambda, Security Groups, VPCs, WAF, Guard Duty, Inspector, etc.
* Experience with cloud-based security management/IDS/IPS/SIEM tools, such as Splunk, Dome9, AlienVault, AlertLogic, Fortinet, Threat Stack, etc.
* Programming or scripting experience with a popular modern language utilized by above tools (Java, Python, Ruby, etc.).
* Experience extracting pertinent security data from logs, and reports
* Understanding DoD Risk Management Framework (RMF) process and principles
* Experience in integrating cybersecurity into DevSecOps process and use of tools (OpenSCAP, Teanble Nessus, Fortify, TwistLock/Contrast Security, ThreadFix)
* Participation as team member in Agile development environment supporting software engineers including identification of security controls, implementation analysis, and test development/verification In this dynamic role the DevSecOps Engineer will: * Work closely with the Operations team to support 24/7/365 multi-cloud operations, provide maximum uptime and security, and expand operations to additional cloud regions and providers
* Implement new security tools and systems based on InfoSec policies
* Evaluate security tooling implementation; recommend and deploy enhancements
* Maintain development and production environments for engineering teams
* Provide knowledgeable, confident high-level support within the organization to resolve internal and external customer issues
* Assist in developing, implementing and enforcing policies to enhance physical, network and system security
* Commit to continuous learning and improvement of development and quality strategies
* Recommend technical security policies and consult with Development teams on remediations
* Liaise with engineering organization to ensure adherence to secure development practices
* Foster and evangelize DevOps culture and product ownership amongst engineering teams We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.