CyberSecurity Engineer (DevSecOps) with Security Clearance
Amyx Inc
2024-11-05 21:37:58
O Fallon, Illinois, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Amyx is seeking a Cybersecruity Engineer (CSE) to support the US Transportation Command (TRANSCOM) Senior Information Security Officer (SISO) contract at Scott Air Force Base, IL. The CSE will support USTRANSCOMs emerging DevSecOps development ecosystem and facilitate overall implementation of DevSecOps for RMF activities and will support and interact with RMF and SCA teams providing support for more than 68 Programs of Record in use across the Enterprise. Responsibilities • Facilitate the overall implementation of DEevSecOps in supporting TRANSCOM J6 RMF activities
• Provide Security and Privacy Risk Assessment recommendations to the Government for approval or disapproval in support of USTRANSCOM DevSecOps risk management processes.
• Conduct research for and advise the SCA, AO, DevSecOps Program Manager, and other Government staff on recently developed countermeasures designed to protect command platforms and applications from new threats.
• Use Continuous Integration/Continuous Delivery (CI/CD) tool chain automation and reporting features for conducting risk assessments.
• Determine the risk posed by the integration of a minimum viable product (e.g., modular-based component for the platform or application), as well as ATO's into the USTRANSCOM environment.
• Automate the tailoring of security controls and adjust baselines commensurate to mitigate risks and protect system from cyber-attacks.
• Leverage CI/CD tool chain automation and reporting to inform and provide continuous feedback to support risk management activities.
• Leverage CI/CD automation to codify security policies and checklists in tool chains to validate and identify gaps in security compliance.
• Conduct extensive research and vetting of third-party software components to determine overall pedigree and identify potential threats and attack vectors to make informed risk management decision regarding consumption and possible remediation and mitigation strategies.
• In support of USTRANSCOM DevSecOps risk management processes, integrate the DevSecOps platform and application processes to support the identification of system components and changes to system boundaries to properly support and conduct risk management activities, update continuous monitoring strategy, perform threat assessments, and provide updates to security and privacy plans.
• Provide risk assessments which are supported by reports from tests and evaluations performed by other teams supporting USTRANSCOM.
• Provide risk assessments to address risk factors, threats, vulnerabilities, likelihood of exploit, and security controls of systems.
• Provide risk assessments which quantify the potential cost to the Government if a threat agent exploits the vulnerabilities identified in the risk assessment and the cost of implementing the recommended mitigations. • Develop and publish security implementation guidance for security capabilities and security controls
• Engage in the development of security assessment procedures for identified system security capabilities Supported Technologies DevSecOps, RMF, CI/CD Qualifications Required Skills and Qualifications: • Minimum of 5 years of direct related experience in the areas of Cybersecurity, RMF and DevSecOps
• Secret security clearance • Must have and maintain IAM III certification
• Excellent written and verbal communication skills, demonstrating the ability to present material to senior DoD and non-DoD officials.
• Able to communicate effectively with senior leaders and customers to clearly present technical approaches and findings. Desired Skills and Qualifications: • BA/BS degree and at least 10 years experience in related field
• Demonstrated knowledge and understanding of the USTRANSCOM mission Please contact with any questions! Amyx is an Equal Opportunity employer. Amyx is committed to providing equal employment opportunity to all job seekers. Every qualified applicant receives focused consideration for employment and no one is discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability or protected veteran status. In addition to federal law requirements, Amyx complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Equal Opportunity Employer- Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity. Amyx is an E-Verify employer. Amyx proudly and proactively takes affirmative action to advance employment of individuals who are minorities, women, protected veterans and individuals with disabilities. Physical Demands Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.