Cyber Security Engineer
Kalani Consulting Inc recently awarded Best and Brightest Companies to Work for in The Nation for the second year in a row and Washington Post’s Top Workplaces of 2023 is looking to add more talent to our team! Kalani is a fast-growing small business located in Northern Virginia with an increasing base of government customers. We specialize in Information Technology, and Management Consulting. We offer very competitive salaries and benefits and are an employee-focused company. Join us and experience the Aloha Spirit!
Overview:
This individual will serve as the Senior Information Systems Security Engineer and Senior Technical Consultant for the Department of State DevOps team, Solution Architecture team and Application Vulnerability Assessment Program. Responsibilities include developing pipelines. Must be able to configure, implement and administer Fortify Static Code Analyzer, Web Inspect, OWASP and SonaType into the Azure DevOps pipeline and provide hands-on technical subject matter expertise for applications using the application scanning tools.
Responsibilities:
- Maintain Azure DevOps pool agent servers.
- Monitor and coordinate security findings.
- Manage the program testing processes and testing activities of the security program.
- Manage the resolution of open issues and communicate essential information to stakeholders.
- Administer applications and users and field troubleshooting questions for users and other stakeholders.
- Analyze internal security and provide relevant information to internal and external stakeholders.
- Analyze all platform level system changes and monitor impact and provide appropriate technical solutions to resolve issues efficiently; evaluate and document operating baseline according to required standards.
- Work with Project teams to review vulnerabilities and manage the resolution of vulnerabilities.
- Support the creation and maintenance of program documentation including Standard Operating Procedures, Test Plans, Reference Guides, Troubleshooting Guides, Training Guides, etc.
Qualifications:
- Strong understanding of DevSecOps tools and processes, as well as OWASP top risks and mitigations.
- Hands-on experience in installing, configuring, operating, and monitoring CI/CD pipeline tools.
- Previous work writing/developing CI/CD pipelines using YAML, maintaining/configuring build agents, and generating documentation and statements of procedures for these processes.
- Experience integrating static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and other application security tools (i.e., IaC scanning, container security, etc.) into CI/CD pipelines to automate security testing.
- Examples includeFortify SCA, Fortify WebInspect, Sonatype, Checkov, Owasp ZAP, Burp Suite, etc.
- Knowledge of NIST's Secure Software Development Framework and how code scanning tools align.
- Ability to troubleshoot, via log analysis, both frequent and infrequent technical issues related to CI/CD pipeline run errors.
- Programming/scripting experience in Python/PowerShell to design and implement automation to streamline processes.
- Solid understanding of other core programming languages such as C#/.NET, Java, Node.js, PHP, etc. to aid in troubleshooting of customer CI/CD pipelines.
- Experience reviewing and validating outputs of code scans to assist customers in identify true positives and provide appropriate remediation guidance.
Clearance Requirement:
- Active DOD Secret Clearance
Kalani Consulting, Inc
. is an equal opportunity employer that values the strength diversity brings to the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.
