DevSecOps - Checkmarx (Remote)

ASRC Federal

Today
Dept of Homeland Security
Reston, VA (On-Site/Office)

ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™.

ASRC Federal is seeking an experienced Checkmarx SME to support and augment ongoing efforts to achieve, maintain, continuously improve, and integrate Zero Trust (ZT) operational capabilities and solutions across ZT pillars at a large Federal agency.

The Checkmarx SME will assess the maturity of the DevSecOps environment on an application basis. They will advise and support the development of a roadmap to attain optimal Zero Trust maturity. They will advise on the configuration and maintenance of Checkmarx within the existing CI/CD pipeline while collaborating with security, assurance, and product owners. The ideal candidate will have previous Federal agency experience with Application Security, DevSecOps, and CI/CD configuration in a Zero Trust environment and knowledge of and experience with Zero Trust federal requirements and the DHS CISA Zero Trust Maturity Model. This position is REMOTE.

Responsibilities:
  • Ensures that the development and deployment pipelines are secure, automated, and efficient and use security best practices in accordance with ZT requirements at the optimal level.
  • Responsible for designing, advising, and training software development teams on automation and integration activities necessary for DevSecOps workflows in accordance with ZT requirements at the optimal level.
  • Will need to apply experience and advanced knowledge of software development security principles and approaches to develop plans and techniques and implement tools to improve ZT maturity.
  • Create and maintain technical documentation.
  • Solution design, development, integration, and testing.
  • Will need to understand the current state of applications to include the existing environments and Operating Systems (OS) and technical restrictions that may be present with legacy code.
  • Developing, integrating, and implementing solutions to diverse, complex problems.
  • Will define, plan, and organize assigned resources to accomplish organizational objectives.


Requirements:
  • Minimum of 8 years' experience.
  • Expert with Checkmarx.
  • Bachelor's degree in computer science, electronics engineering, engineering, or another technical discipline.
  • Fluency in one or more of the following programming languages: Java, C#, Python, Go.
  • 5 years minimum experience implementing automated workflows in CI/CD and DevSecOps environments.
  • 5 years minimum experience using tools that enable automated workflows, such as Jenkins, GitLab, TFS, Bitbucket, Git, etc.
  • 5 years minimum experience with containers and container technologies such as Docker, Podman, Kubernetes, etc.
  • Must have experience in designing, advising, and training software development teams in automation and integration activities required for DevSecOps workflows.
  • Must have experience with scripting languages.
  • 4 years minimum experience implementing automation throughout the Software Development Life Cycle for DevSecOps pipelines.
  • Knowledge of assessing the capability of existing DevSecOps pipelines, the ability to design and implement security improvements, and the ability to assist software development teams in their use.
  • Experience working in an Agile framework environment.
  • Knowledge of DoD security requirements and compliance.
  • Must be a US Citizen able to obtain an agency-specific suitability / public trust clearance prior to starting.


Desired Skills and Qualifications:
  • Recent experience at a federal agency.
  • Knowledge and experience with Zero Trust federal requirements and DHS CISA Zero Trust Maturity Model.
  • Proficiency in scripting, identity, MFA, micro-segmentation, how approaches affect delivery teams, endpoint detection, data protection, policy automation and orchestration.
  • Proficiency in continuous monitoring and real time analytics to detect and respond to issues immediately.
  • Experience with Burp Suite, Backstage, automation and governance standards.
  • Cloud experience, specifically AWS, Google, or Azure.
  • Proficiency in AWS Cloud administration and AWS services.
  • Proficiency in managing EC2 servers, AMIs, restores, and backups.
  • Proficiency in configuring and monitoring AWS CloudWatch for resource metrics, logs, and alarms.
  • Knowledge of AWS Security Hub for centralized security findings and compliance checks.
  • Proficiency in managing AWS storage services (e.g., S3, EBS, EFS).
  • Familiarity with AWS Detective for threat detection and investigation.
  • Experience with AWS Backup for automated backups and retention policies.
  • Experience with AWS Systems Manager for patch management, automation, and compliance.
  • AWS or other applicable Technical Certification.
  • Experience with containerization.
  • Splunk experience.


We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.

EEO Statement

ASRC Federal and its Subsidiaries are Equal Opportunity/Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
group id: RTL208333

About Us
ASRC Federal’s family of companies helps federal civilian, defense and intelligence agencies achieve mission success. Our teams offer highly technical expertise in digital operations and IT modernization, software development, facilities management, engineering solutions, professional services, and infrastructure operations across the national security, defense and intel, health, civilian, and space markets. Inspired by the Iñupiat culture, we embrace stewardship and using every resource effectively; teamwork when striving to achieve goals and building a collaborative environment; integrity in adhering to high moral principles and professional standards; high performance in striving to deliver superior business results and exceptional customer value; and citizenship by taking care of our employees, shareholders and the communities where we work and live. Explore purpose-driven career opportunities with ASRC Federal: http://www.asrcfederal.com/careers
