Senior DevSecOps Security Engineer
PMCS Services, Inc. · Austin, TXClose:
Term:Full timeWork:OnsiteRemote
Type:EmployeeContract
We are seeking a full-time contractor or employee for a Senior DevSecOps Security Engineer role.
Understands business objectives and problems, identifies alternative solutions, performs studies and cost/benefit analysis of alternatives. Analyzes user requirements, procedures, and problems to automate processing or to improve existing computer system: Confers with personnel of organizational units involved to analyze current operational procedures, identify problems, and learn specific input and output requirements, such as forms of data input, how data is to be; summarized, and formats for reports. Writes detailed description of user needs, program functions, and steps required to develop or modify computer program. Reviews computer system capabilities, specifications, and scheduling limitations to determine if requested program or program change is possible within existing system.
Responsibilities:
Understands business objectives and problems, identifies alternative solutions, performs studies and cost/benefit analysis of alternatives. Analyzes user requirements, procedures, and problems to automate processing or to improve existing computer system: Confers with personnel of organizational units involved to analyze current operational procedures, identify problems, and learn specific input and output requirements, such as forms of data input, how data is to be; summarized, and formats for reports. Writes detailed description of user needs, program functions, and steps required to develop or modify computer program. Reviews computer system capabilities, specifications, and scheduling limitations to determine if requested program or program change is possible within existing system.
Responsibilities:
- Supports TIERS Operations, AWS Cloud Migration, and the Authority to Connect project.
- Applies information security threat intelligence to identify and exploit vulnerabilities across various environments.
- Performs daily analysis of both on-premises and cloud security operations.
- Brings experience from large-scale operations and development environments, with knowledge of custodian artifacts and regulatory requirements.
- Assists IT operations and development teams in meeting industry standards while utilizing the latest cybersecurity software.
- Collaborates daily with IT teams responsible for managing DevSecOps.
- Possesses a strong understanding of IT infrastructure, including database management and system administration.
- May be required to work in the office at least once a week or more.
Required Skills:
- Coordinates and executes security policies and controls, as well as assess vulnerabilities within the company.
- Experience with data and network security processing, security systems management, and security violation investigation.
- On a daily basis performs analysis of on-prem and cloud security operations and works with DevSecOps teams with delivery of security related activities including audits, documentation, and reporting.
- Understands regulatory requirements, has in-depth knowledge of industry standards and trends, and is proficient with the latest cybersecurity software. Works with DevSecOps and custodians.
- Experience with managing various projects and ability to plan and oversees all aspects of the projects.
- Strong ability to identify problems/issues, analyze and evaluate alternatives and recommend/implement effective solutions.
- Orchestrate calls to include, but not limited to project kick-off calls, notification of high/critical findings during the testing process, and close out calls to review test findings, evidence, process steps to reproduce, and remediation recommendations.
- Experience implementing security measures to protect computer systems, networks and data. Information security analysts are expected to stay up to date on the latest intelligence, including hackers’ methodologies, in order to anticipate breaches.
- Extensive experience with working with and implementing NIST 800-37, NIST 800-53, MARS-E controls, POA&Ms, and developing Corrective Action Plans.
- Review violations of computer security procedures and discuss procedures with HHSC/TIERS Security team. Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.
- Experience with Security web application firewalls.
- Experience with managing conflict and resolving issues at managerial levels.
- Experience with reviewing and coordinating audit responses, evidence gathering, and plan of actions. Experience collaborating with IT departments to coordinate audit responses.
Preferred Skills:
- Skilled information technology professional with advanced experience developing and implementing IT policy, standards and procedures.
- Experience in delivering technical training in cloud- based technology is a plus.
- Experience providing Windows and Linux operating system and application support.
- Experience with information security risk assessments.
- Experience with security governance and documentation and security plan documents.
- In-depth knowledge of AWS Cloud Security preferred.
- In depth knowledge and hand on experience on AWS Cloud Security preferred or experience with other Cloud service providers.
- Experience ITIL - ticketing using Remedy and ServiceNow.
- Ability to training staff on network and information security procedures, processes and information safeguarding.
- Experience working with Archer GRC, Dynatrace, Splunk, Imperva Web Application Firewall, Qualys and MS Office tools.
