View Our Website View All Jobs

DevSecOPS Lead

 

Top Secret Clearance is Required

Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible to prevent, identify, contain and eradicate cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including local area networks/wide area networks (LAN/WAN), commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. 

Job Responsibilities & Requirements:

  • Minimum of current Top Secret clearance with ability to obtain TS/SCI Clearance. In addition to specific security clearance requirements all Department of Homeland Security SOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program. 
  • Analyze user needs and software requirements to determine feasibility of design within time and cost constraints. 
  • Applies coding and testing standards, security testing tools (including ‘fuzzing’ static-analysis code scanning tools), threat modeling, and conducts code reviews.
  • Conduct trial runs of programs and software applications to ensure the desired information is produced and instructions are correct. 
  • Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
  • Identify common coding flaws. 
  • Identify security issues around steady state operation and management of software. 
  • Incorporate security measures that must be taken when a product reaches end of life.
  • Perform integrated quality assurance testing for security functionality and resiliency attacks. 
  • Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities. 
  • Apply comprehensive knowledge of Information Security issues to include; but not limited to, cloud technology, internet servers, web-enabled database applications, network security, security engineering, data integrity, intrusion detection, firewall management, forensic and legal information security, virtual private networks, public key/infrastructure/digital signatures, encryption, network security architecture and DHS Policy. 
  • Recognize security implications in the software acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing. 
  • Perform penetration testing as required for new or updated applications. 
  • Develop code (e.g., Python, Powershell, Django, Javascript, HTML, CSS, etc.) to interact with API driven security technologies to automate security tasks (e.g., VirusTotal, Splunk ES, Tanium, etc.) aimed at removing human errors and human inconsistencies

Qualifications:

  • BS degree and 12 – 15 years of prior relevant experience or Masters with 10 – 13 years of prior relevant experience.
  • The candidate must possess the technical skills and experiences with Cloud Service (AWS,Azure, etc), continuous delivery systems and  enhancing SOC operations through automation. The ideal candidate will also have experience leading and mentoring junior members.
  • Previous professional experience with performing integrated quality assurance testing for security functionality and resiliency to attacks.   
  • Previous professional experience with secure programming and identify potential flaws in codes to mitigate vulnerabilities. 
  • Applies coding and testing standards, security testing tools (including ‘fuzzing’ static-analysis code scanning tools), Identify common coding flaws, threat modeling, and conducts code reviews. 
  • Perform or support penetration testing as required for new or updated applications. 
  • Recognize security implications in the software/code acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.   
  • Participate in network and system design to ensure implementation of appropriate systems security policies, designs and implement systems security and data assurance. 
  • Take an approach of; plan, code, build, test, release, deploy and monitor when writing software to automate CBP SOC security tasks 
  • Knowledge of Source Code Management concepts (code lines, branching, merging, integration, versioning, etc.)
  • Excellent problem solving, analytical skills and technical troubleshooting skills
  • Ability to work with customers/stakeholders, developers, testers, project managers, support staff
  • Experience acquiring in-depth understanding of large complex software systems to isolate defects, reproduce defects, assess risk and understand varied customer deployment

Certifications

One or more of the following Certifications:
CEH, CISSP, CSSLP, GPEN, OSCP, AWS Solutions Architect, RHSA, GXPN, GWAPT

Our Company Overview:

Business Computers Management Consulting Group, LLC (BCMC) is a small business specializing in Information Technology (IT), Cybersecurity, Information Assurance (IA), SOA, Big Data Management, Program Management, and more for Federal, State, and Local agencies. We possess highly skilled engineers, providing innovative solutions backed by strong past performances. We are ISO 9001:2015 certified and registered promising highest quality to all of our clients.

Benefits

Extremely competitive salary
95% employer paid for employee medical, dental, & vison coverages
100% employer paid for employee life, STD & LTD disability coverages
401k with company match and profit sharing
Flexible Spending Account (FSA) for dependent & health care
10 standard holidays & 3 weeks of annual leave

Read More

Apply for this position

Required*
Apply with Indeed
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

150