A financial firm is looking for a Security Assessment Engineer to join their team. This role is remote.
Pay: $70-75/hr
USC Only
Top Skills:
1. DevSecOps expertise
2. Control automated Testing experience
3. Development and scripting
4. Communication (including documentation of processes), collaboration, consultative and team focused individual able to work around EST hours
5. Mix of security engineering, security control automation, development and assessor in a NIST risk management environment
Responsibilities:
• Support DevSecOps initiatives by developing and implementing test-driven security within a CI/CD pipeline
• Create automation to support the NIST Risk Management Framework
• Develop and track Plan of Action and Milestones (POA&Ms) to address identified security vulnerabilities and compliance gaps
• Document clear and repeatable process and train others to be able to perform automated assessment reviews
• Develop and implement security assessment automation tools to support DevSecOps practices
• Collaborate with development teams to integrate security assurance into the CI/CD pipeline
• Conduct security assessments and risk analyses on new and existing software
• Provide Subject Matter Expertise in the creation of security policies, standards
• Develop and document procedures specific to the role
• Work closely with compliance teams to ensure continuous monitoring and authorization
• Assist in developing security training and awareness for technical staff
• Stay current with evolving security landscape, industry trends, tools, and best practices
Qualifications:
Required
• Bachelor's degree in Computer Science, Information Security, or a related field (preferred)
• Proven experience with security assessment tools and methodologies
• Experience with wide range of programming languages, automation tools and scripting languages (e.g., Python, Ruby, Go, Bash/Shell, JavaScript/Node.js, Groovy, YAML/JSON, PowerShell, Java, Terraform)
• Understanding languages in the context of various DevSecOps tools and platforms like Docker, Kubernetes, Ansible, Chef, Puppet, Jenkins, GitLab CI, and cloud service providers (AWS, Azure, GCP)
• Experience with Policy as Code and Compliance as Code
• Knowledge of compliance frameworks and continuous authorization processes; Prefer NIST SP800-37, SP800-53/53a
• Excellent communication skills and the ability to work collaboratively
• Operational vulnerability analysis
• Deep understanding of Dev/Sec/Ops processes and testing
Preferred
• Certifications such as GCSA, CISSP, CEH, or OSCP
• Experience in a policy and assurance or quasi-governmental environment
• Familiarity with cloud service providers and associated security challenges
APPLY NOW
Back to Search Results
Pay: $70-75/hr
USC Only
Top Skills:
1. DevSecOps expertise
2. Control automated Testing experience
3. Development and scripting
4. Communication (including documentation of processes), collaboration, consultative and team focused individual able to work around EST hours
5. Mix of security engineering, security control automation, development and assessor in a NIST risk management environment
Responsibilities:
• Support DevSecOps initiatives by developing and implementing test-driven security within a CI/CD pipeline
• Create automation to support the NIST Risk Management Framework
• Develop and track Plan of Action and Milestones (POA&Ms) to address identified security vulnerabilities and compliance gaps
• Document clear and repeatable process and train others to be able to perform automated assessment reviews
• Develop and implement security assessment automation tools to support DevSecOps practices
• Collaborate with development teams to integrate security assurance into the CI/CD pipeline
• Conduct security assessments and risk analyses on new and existing software
• Provide Subject Matter Expertise in the creation of security policies, standards
• Develop and document procedures specific to the role
• Work closely with compliance teams to ensure continuous monitoring and authorization
• Assist in developing security training and awareness for technical staff
• Stay current with evolving security landscape, industry trends, tools, and best practices
Qualifications:
Required
• Bachelor's degree in Computer Science, Information Security, or a related field (preferred)
• Proven experience with security assessment tools and methodologies
• Experience with wide range of programming languages, automation tools and scripting languages (e.g., Python, Ruby, Go, Bash/Shell, JavaScript/Node.js, Groovy, YAML/JSON, PowerShell, Java, Terraform)
• Understanding languages in the context of various DevSecOps tools and platforms like Docker, Kubernetes, Ansible, Chef, Puppet, Jenkins, GitLab CI, and cloud service providers (AWS, Azure, GCP)
• Experience with Policy as Code and Compliance as Code
• Knowledge of compliance frameworks and continuous authorization processes; Prefer NIST SP800-37, SP800-53/53a
• Excellent communication skills and the ability to work collaboratively
• Operational vulnerability analysis
• Deep understanding of Dev/Sec/Ops processes and testing
Preferred
• Certifications such as GCSA, CISSP, CEH, or OSCP
• Experience in a policy and assurance or quasi-governmental environment
• Familiarity with cloud service providers and associated security challenges
APPLY NOW
Loading...
Success!
Your application was successfully sent!