Security Engineer (GSA Login)

The Amivero Team

Amivero’s team of IT professionals delivers digital services that elevate the federal government, whether national security or improved government services. Our human-centered, data-driven approach is focused on truly understanding the environment and the challenge, and reimagining with our customer how outcomes can be achieved.

Our team of technologists leverage modern, agile methods to design and develop equitable, accessible, and innovative data and software services that impact hundreds of millions of people.

As a member of the Amivero team you will use your empathy for a customer’s situation, your passion for service, your energy for solutioning, and your bias towards action to bring modernization to very important, mission-critical, and public service government IT systems.

Special Requirements

• US Citizenship Required to obtain Public Trust
• Bachelor Degree 10years of experience
  
  
  

The Gist

The Security Compliance Engineer is a critical role that combines hands-on DevSecOps engineering with strategic compliance oversight. You will serve as the engineer of complex technology implementations in a product-centric environment while ensuring that Agile IT software development processes comply with NIST, FISMA, and FedRAMP standards. This position involves maintaining operational security posture, monitoring and analyzing compliance practices, and ensuring that automated testing and scanning within CI/CD delivery processes adhere to stringent security requirements and regulations.

Security Operations and Engineering

• Maintain operational security posture for an information system or program
• Perform routine threat modeling exercises at the product, system and cloud infrastructure level
• Work alongside delivery and platform teams to advise on the design and development of secure, highly visible, public-facing applications on AWS Cloud.
• Administer, operate, and maintain security tools such as CloudWatch Events, Nessus, Inspector, AWS Config benchmark setting, Security Hub, WAF, and Macie
• Perform application security impact analyses and participate in significant change assessments as part of the application security program FedRAMP continuous monitoring and reporting
• Participate in security incident response activities
• Develop security responder actions based on principles of SOAR (developer expertise required), Infrastructure language terraform; Scripting language python, Tools at disposal are AWS relevant services, slack, GitHub
• Guide and perform security activities including vulnerability testing and analysis, code review, static and dynamic code testing, ethical hacking and business logic exploit testing
• Conduct Red team exercises
• Conduct routine threat hunting activities to improve system security
  
  
  

Compliance Analysis and Reporting

• Work within Agile development teams, ensuring compliance of software deliverables and associated operations to all required standards
• Review documentation and processes to ensure compliance with these standards throughout the software development lifecycle
• Conduct periodic audits of required standards, associated controls, and control items
• Analyze security practices and compliance data to assess effectiveness and identify trends or recurring issues in Agile development projects
• Prepare detailed reports on compliance status, audit findings, and recommendations for enhancing security and compliance practices
  
  
  

Risk Management and Strategic Planning

• Develop and refine risk assessment methodologies to evaluate security risks associated with new software features and deployments
• Provide guidance on mitigating risks identified during the compliance review processes
• Collaborate with other security engineers and IT teams to ensure risk mitigation strategies are effectively implemented
• Ensure that security compliance policies are communicated to and understood by all stakeholders, including Agile DevOps teams
  
  
  

Cross-Functional Support and Documentation

• Develop or modify implementation and design documents describing how security features are implemented
• Provide cross functional support for product teams across the organization
• Advise the government representatives on security and best practices
• Act as a resource for Agile teams and IT staff by providing expert advice on compliance matters in an advisory capacity
• U.S. Citizenship required to obtain Public Trust
• Bachelor’s Degree 10 years of relevant experience; Master's degree in Cybersecurity, Information Technology, or a related field preferred
• Professional certifications relevant to compliance and security, such as CISSP, CISM, or specific to NIST, FedRAMP, and FISMA
• Ability to integrate with Agile development team
• Experience with modern software development practices and cloud architectures
• Must be able to define your own work in a team environment
• Experience with process automation with programming or scripting languages such as python, terraform or bash
• Strong knowledge and experience with Federal Risk Management Framework (RMF) and how it translates to technical implementation and security practices
• Ability to administer, operate, and maintain the security tools such as CloudWatch Events, Nessus, Inspector, AWS Config benchmark setting, Security Hub, WAF, and Macie
• Detail-oriented with a high level of integrity and professionalism
• Proactive in identifying potential compliance issues and developing solutions
  
  
  

EOE/M/F/VET/DISABLED

All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Amivero complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.