Description

ITCON Services is seeking to hire a motivated and knowledgeable Senior DevOps Security Engineer to join our team. The ideal candidate will be able to multitask effectively and efficiently, be comfortable interfacing both with technical team members and end users. The candidate should be able to produce examples of design and development work for review and consideration.

As a key member of the Web Systems team, you will be responsible for evaluating the current security posture of numerous Web Applications and consulting with development teams on the implementation of security best practices into their application development. The Web Development Security Engineer will ensure the team is engaging the latest security trends, new methods, and techniques to prevent unauthorized access of data and preemptively eliminate the possibility of system breaches.

Tasks will include but not be limited to the following:

• Design, implement and monitor security measures for the protection of websites,
• Design web application security architecture for internal and external web applications,
• Identify, define & implement system security requirements for external and internal facing web applications,
• Conduct web application security assessments and consult with development teams on how to integrate improved security best practices into their code,
• Prepare and document standard operating procedures and protocols; proactively work with team members to address security and compliance issues in a timely manner,
• Configure and troubleshoot pen testing and vulnerability scans to identify vulnerabilities in web and mobile applications and provide supporting documentation which includes testing methodology and findings,
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks,
• Review findings from scanning tools to address issues pinpointed,
• Coordinate with the Web firewall team during new initiative and upgrades to analyze the impact on the Web applications,
• Perform complex application security assessments of web and mobile applications utilizing a variety of static and dynamic methods, processes, and tools,
• Review and ensure the implementation of adequate application authentication, authorization, and access control and encryption practices,
• Monitor and analyze security data; produce and present security reports for management,
• Troubleshoot and document security incidents,
• Apply the NIST Special Publication 800-64, Security Considerations in the SDLC standards

At ITCON, we offer competitive compensation, paid training and development opportunities, healthcare benefits that start on your first day, commuter benefits, work-life balance, and the opportunity to work alongside an amazing and growing team.

• This opening is for a full-time salaried position.
• Applicant must be a permanent resident or citizen of the United States.
• Applicant must be clearable for Public Trust clearance with the U.S Government.

Required Skills and Qualifications

• BS degree in Computer Science, or a related technical field with 10+ years of continuous and progressive experience,
• Certification in one of the following preferred: CompTIA Security+ Professional (Security +), Certified Ethical Hacker (CEH), Check Point Certified Security, or Administrator (CCSA),
• Software development experience to include developing web applications; extensive hands-on experience developing web applications in Drupal, PHP, .NET or JavaScript,
• Detailed technical knowledge of database and operating system security,
• In-depth knowledge of systems architecture including CDN, Load Balancers, Firewalls, Apache etc,
• Hands on experience with Linux and Windows system management,
• Experience with Cloud development and configuration best practices and security compliance; experience in engineering or assessing the security of cloud, SaaS, and multi-tenanted applications including designing authentication and authorization requirements,
• In-depth technical knowledge of security engineering, application security, computer and network security, authentication, security protocols and applied cryptography,
• Hands on experience in security systems and controls, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.,
• Experience using SAST and DAST tools, Vulnerability Management platforms, Security Analytics platforms, Penetration Testing frameworks (Metasploit or Resolve),
• Hands on experience with application security assessment tools, and
• Strong organization skills with a proven ability to multi-task, handle multiple assignments to effectively bring discussions and issues to closure.
• Able to multithread and move multiple projects forward