By Light Professional IT Services · 1 day ago
Security DevOps Engineer (DevSecOps)
Government · Information Services
No H1B · Security Clearance Required
Responsibilities
Perform GitHub code scanning using Dependabot and CodeQL.
Conduct vulnerability analysis and manage secrets to ensure compliance with security standards and documentation/reporting for Authority to Operate (ATO) security authorization for FISMA information systems.
Document findings, recommendations, and improvements. Generate regular reports on code quality metrics.
Conduct Threat Model analysis using Microsoft Threat Modeling Tool.
Research and address potential security issues for products, services, interfaces, protocols, etc., which may be introduced into the MHV environment.
Perform code quality assessments using static analysis tools to identify code smells, anti-patterns, and areas for improvement.
Conduct security scanning to identify vulnerabilities (e.g., OWASP Top Ten) in the codebase.
Optimize code performance, resolving bottlenecks, memory leaks, and resource-intensive areas.
Integrate code analysis tools into CI/CD pipelines, ensuring code quality checks are automated.
Develop scripts and automation tools using Python, Shell, or other scripting languages to streamline processes.
Prepare system, boundary, and authorization architectural diagrams using Visio.
Support the ATO process by documenting scans, creating diagrams, gathering artifacts, and addressing Security Control Assessments.
Work effectively with cross-functional teams, including developers, testers, and project managers, to ensure secure and efficient code releases.
Understand and work within AWS cloud infrastructure.
Utilize virtualization technologies such as VMware and containerization tools like Docker, Rancher, Kubernetes, and AWS EKS.
Qualification
Required
Proven experience with GitHub code scanning tools (Dependabot, CodeQL).
Proficiency in security scanning and vulnerability management (e.g., OWASP Top Ten).
Strong scripting and automation skills (Python, Shell).
Familiarity with Agile and DevOps methodologies.
Knowledge of security frameworks (NIST, VA 6500).
Hands-on experience with threat modeling tools (e.g., Microsoft Threat Modeling Tool).
Ability to create technical diagrams and documentation.
Preferred
Familiarity with FISMA compliance and ATO processes.
Experience with performance optimization tools.
Strong communication skills for cross-functional collaboration.
Company
By Light Professional IT Services
BY LIGHT Professional IT Services is a provider of IT, cloud, cyber and infrastructure solutions to the US Federal Government.
Funding
Current Stage: Late Stage
Total Funding: unknown
2017-05-31: Acquired
Company data provided by crunchbase