Integrate and enhance security into software delivery pipelines at Booz Allen
Requirements
- 5+ years of experience in cybersecurity engineering and DevSecOps in federal or defense environments employing IaC, CaC, CI/CD, and SSDLC concepts
- 3+ years of experience in scripting, including Python or Bash and automation frameworks
- 2+ years of experience implementing cybersecurity solutions in AWS cloud and container orchestration, including Kubernetes
- Knowledge of best practice cybersecurity and threat-based cybersecurity frameworks, including AI and ML security best practices
- Knowledge of NIST SP 800-53 controls, RMF compliance, eMASS, STIG Manager, STIG Viewer, and SCAP tools
- Knowledge of Agile and Change Management methodologies
- Security+ Certification
Responsibilities
- Evolving and securing CI/CD pipelines by integrating automated security tools such as SAST, DAST, SCA, and container scanning
- Enhancing DevSecOps pipelines by refining vulnerability detection thresholds, tuning scanners, reducing false positives, and optimizing remediation workflows
- Hardening infrastructure-as-code (IaC) templates and enforcing policy-as-code across environments
- Conducting risk assessments and contributing to system security plans (SSPs) and continuous authority to operate (ATO) efforts
- Collaborating with development, operations, and security teams to support secure software delivery
- Monitoring pipeline activity for anomalies and assisting in responding to security incidents
- Championing zero trust principles and driving adoption of secure-by-design methodologies across the software development life cycle (SDLC)
Other
- Top Secret clearance
- Bachelor’s degree in Cybersecurity or Computer Science
- TS/SCI clearance
- Master’s degree in an IT or Cybersecurity field
- Possession of excellent verbal, technical writing, and documentation skills