DevSecOps Security Specialist

Working at USfalcon is about providing exceptional professional services to the DoD and various Federal Agencies. We have been excelling in diverse platforms for almost 30 years and continue to be an industry leader. If you thrive in an organization that values integrity, commitment, stewardship, and service, we want to meet you.

We have an exciting opportunity to join us in supporting one of our valued customers as a DevSecOps and Software Security Specialist to work out of Colorado Springs, CO supporting Space Systems Command (SSC), Space Training Acquisition Organization (STAO).
The DevSecOps and Software Security Specialist will support development of Modeling and Simulation (M&S) software used to conduct training of Space Operators or injection of space effects into multi-domain exercises. Software may include cloud-based and server/desktop platforms. Effort will include designing, implementing, and maintaining security for a variety of cloud, virtual and physical platforms.

The candidate will design, implement, operate, and monitor SecOps solutions using tools such as AWS GuardDuty, CloudTrail, and CloudWatch; Prometheus; Grafana; Jaeger; Elastic/ELK Stack (kubewatch; fluentd; Static Code Analysis tools; 3rd party dependency vulnerability scanners; authentication proxies; firewalls; TLS encryption; role based access control; vulnerability scanners; and patch and configuration management tools while restricting access to sensitive components such as nodes, etcd, Kubelet, Kubernetes Dashboard, and API servers). Critical to this effort, the candidate should be able to identify possible attack vectors, vulnerabilities, and proper configurations to mitigate risk to an acceptable level. Use agile management tools to track and manage projects. The candidate should be able to design elegant solutions, solve complex problems, integrate different components, incorporate test into design, and research solutions for collecting, storing, manipulating, and presenting information while embracing open architectures, software, and common standards.

The candidate will support developers in DevSecOps design, implementation, and maintenance operations to include securing Kubernetes hosts, control planes, Pods, and workloads. Work with developers to ensure the Continuous Integration/ Continuous Development (CI/CD) pipeline automates security scanning and reporting to ensure secure coding practices are being followed, such as securing container images, passing vulnerability and quality scanners when code is checked into source code repositories, and adhering to Role-based access control policies. Partial remote work is possible.

Essential Duties:

• Work efficiently and effectively from the office, at home, and/or remote locations
• Integrate security principles into the development and deployment of software/hardware solutions
• Ensure continuous monitoring processes are installed and actively controlled
• Participate in root cause analysis investigations
• Establish DevSecOps processes to ensure permissions and configurations are appropriate
• Review and validate newly developed code
• Facilitates data and cloud migration
• Collaborate with team members, management, customers, and external technical teams to identify/capture end-user requirements, and ensure timely, high-quality solutions
• Flush out technical details/requirements; ensure code quality and security; design for test; assist in code and functionality/usability reviews; troubleshoot, debug, test, maintain and improve software; assist other team members; design, develop, document, analyze, test, integrate, debug, and analyze software and system requirements to provide scalable and reliable services
• Additional duties may be assigned

Required Qualifications:

• High School diploma or equivalent and 10 years' experience in the Cyber security, engineering, science or information security disciplines.
• Current DoD 8570.01-M IAT Level 2 or 3 certification (e.g., CompTIA Security , ISC2 CISSP or must obtain within six months of hire)

Preferred Qualifications:

Bachelor of Science (B.S.) degree in Computer Science or related technical field is preferred.

The ideal candidate is someone with excellent problem-solving, communication, and interpersonal skills who can work in a team environment to support DevSecOps; handle multiple assignments; synthesize information to solve complex problems; secure data and systems from unauthorized access; develop, diagnose, and operate security/security alerting components; identify customer needs; validate product design; and support positive priority escalation and conflict resolution within a team.

• Several years’ experience with DevSecOps and/or AWS
• Languages/scripting: Knowledge of Ansible, Terraform and YAML scripts is strongly desired. Knowledge of common coding languages (C, C , C#, .NET, XML, PHP, Python, Go (Golang), Groovy, JavaScript, TypeScript, HTML, CSS, WebSockets, jQuery, Junit, VUE, MATLAB, YAML, JSON, REST, and JavaScript Framework (Angular, NodeJS, Express, React, Ember, Knockout, Backbone, and/or Vue)) is a plus.
• Cloud Development/Services Platforms: AWS, Cloud Native Computing Foundation design and tools
• Cloud Monitoring Services: Kubernetes Dashboard, Grafana, Prometheus, Jaeger, Elastic/ELK Stack, kubewatch, cAdvisor, fluentd, and Weave Scope
• Agile Management Tools: Atlassian Jira, Microsoft Azure Boards
• Container/Container Management: Kubernetes, Jenkins, OpenShift 4.x, VMWare Tanzu, Rancher, Docker, Podman, Helm, Istio
• Ops/Infrastructure: Elastic/ELK (Elasticsearch, Kibana, Beats, and Logstash), Argo, Maven, Ansible, Puppet, Terraform, Minion, Linting Tools (Ansible Lint, JSON Lint, YAML Lint), HAProxy, CoreDNS, Zookeeper, GitLab Runner
• Repositories: GitLab, S3 Bucket, Argo, Vault
• Build and Test: Gradle, Maven, Npm Registry, JUnit 5, Cypress.io, OWASP, Fortify, Coverity, SonarCube
• Monitoring: Elasticsearch, fluentd, Kibana, Prometheus, Kiali, Grafana, Logstash
• Security: Fortify, Twistlock, Anchore, SonarQube, OpenSCAP, OWASP, Helm, IAM, SAML, OAuth, Trufflehog, Nessus, Container security, Zero Trust
• Database/Data: Designing, accessing, and maintaining data stores, feeds, and processing tools including MySQL, MariaDB, MS SQL Server, PostgreSQL, MangoDB, Nifi, NoSQL
• Messaging: Pub/Sub, Kafka, RabbitMQ, Active MQ, NATS
• API Gateways: AWS API
• Webservers: Apache HTTP, Apache Tomcat, IIS, Nginx, H2O, Caddy, Eclipse Jetty, XAMPP
• Operating Systems: Windows, CentOS, Red Hat or other Linux distributions
• Understanding of cloud service technologies and critical DevSecOps principles
• Proficiency in virtual environments
• Strong verbal and written communication skills and ability to interact with others in a professional manner
• Excellent problem solving and troubleshooting skills

Required Clearance: Ability to Obtain

Travel: 10%, Partial remote work is possible.

All USfalcon employees are required to show proof of vaccination status at time of hire to ensure compliance with EO14042, Ensuring Adequate COVID Safety Protocols for Federal Contractors (effective December 8, 2021).

In compliance with Colorado’s Equal Pay for Equal Work Act, the salary range for this role is $145,000 - $175,000; however, USfalcon considers several factors when extending an offer, including but not limited to, the role and associated responsibilities as well as a candidate’s work experience, knowledge, skills, education and training.

Benefits Offered: medical, dental, vision, life insurance, short-term disability, long-term disability, 401(k) match, flexible spending accounts, EAP, parental leave, pet insurance, paid time off, and holidays.

Salary : $145,000 - $175,000