We are looking for a skilled and motivated Mid-Level Security Engineer to join our team and support our federal customer. In this role, you will play a crucial part in the design, development, and maintenance of user-friendly, responsive web applications and interfaces. Your expertise in front-end technologies and experience working with federal clients will be essential in ensuring the successful delivery of high-quality software solutions that meet the specific needs and security requirements of our federal customer.

This position requires onsite presence at the customer location (Arlington, VA) one day per week.

The Security Engineer plays a key role in the CISA CEEOSS team with primary focus on the assigned portfolio The Security Engineer is responsible for doing research, identify, design and implement solutions as well as perform application security vulnerability assessments and scans to identify, evaluate and mitigate security risks, threats and vulnerabilities in AWS cloud and on-prem environments. Responsible for defining and planning processes for implementing security initiatives compliant with customer set security requirements and certifications. Document and communicate all security related configuration and guidelines for the network and cloud teams.

Primary Responsibilities:

• Responsible for design and automation of security scanning as part of daily integration activities to continuously assess code and remediate vulnerabilities early in the development lifecycle.
• Actively involved at all phases of the development lifecycle to promote code reuse which uses inherited preapproved Risk Management Framework (RMF) controls to achieve faster ATO
• Responsible for confirming security-relevant design changes and raise “outPatterns” to CISA ISSM’s and ISSOs for early assessment
• Design integrate custom code to generate security-relevant events for the CISA Information Security, enhancing operational monitoring
• Perform evaluation, onboarding, and manual testing of CISA approved security tools ex SAST, vulnerability and open source scanning into the Security DevOps life cycle
• Define best practices in security hardening, patching, granular role-based access, system administration, and configuration
• Strong working knowledge of NIST 800.37 and 800.53 requirements
• Experience evaluating, documenting, and implementing security controls
• Experience with python scripting is desired
• Good understanding of cloud security concepts

• 3-7 Years of experience in software design and development with at least 3+ years of experience working in a security role handling on-premise and cloud infrastructures
• Extensive experience integrating Security checks in the CI/CD pipeline alongside the Development team
• The Security Engineer should have extensive Scanning experience and familiarity with Static & Dynamic Code Analysis.
• Experience and expertise in secure coding practices and threat modeling
• Strong scripting skills and proficiency with the following scripting languages strongly preferred: Shell, Python, Ruby
• Excellent communication and written skills
• Able to provide proof of US Citizenship
• Ability to obtain a Public Trust clearance

Clearance Preference:

• Active DHS/CISA suitability - 1st priority
• Any DHS badge + DoD Top Secret - 2nd choice
• DoD Top Secret + willingness to obtain DHS/CISA suitability - 3rd choice (it can take 10-60 days to obtain suitability – work can only begin once suitability is fully adjudicated).

Welcome to Sev1Tech! Founded in 2010, we are proud to be a leading provider of IT modernization, engineering, and program management solutions. Our commitment is to deliver exceptional program and IT support services that empower critical missions for both Federal and Commercial clients.

At Sev1Tech, our mission is clear: Build better companies. Enable better government. Protect our nation. Build better humans across the country. We believe that through innovation and dedication, we can make a significant impact on the communities we serve.

Join the Sev1Tech family, where your potential for greatness is limitless! Here, you will not only achieve remarkable accomplishments but also enjoy a fulfilling and rewarding career progression. We invite you to explore opportunities with us and become part of a team that values your contributions and growth.

Ready to take the next step? Apply directly through our website: Sev1Tech Careers and use the hashtag #joinSev1Tech to connect with us on social media!

For any additional questions or to submit referrals, feel free to reach out to recruiting@sev1tech.com.