DevSecOps Engineer

Washington, DC
May 29, 2020

*** Direct Client Requirement ***

Title: DevSecOps Engineer

Location: Washington, DC

Rate: DOE

Duration: Long Term

Interview Type: Webcam or Skype interview

Work Status: Successful applicants must be legally authorized to work in the U.S.

Job Type: W2

Experience: 8 YEARS

Job Description:

The Office of Information Security (OIS) ensures that security efforts throughout *** Group are coordinated and aligned with the Bank’s business and IT strategy. This Office delineates *** Group’s information security plans and ensures, in coordination with the Information Security Council, that resources and all implementation of plans, procedures, and standards are reviewed, supported, and deployed in the most effective and efficient manner and are consistent with overall risk management.

The Office of Information Security needs a suitable resource to support the Certification and Accreditation (C&A) function. The Analyst will work with the C&A team and will have responsibilities for specific individual tasks, while working as an integral part of the team in executing OIS’s work program. S/he will review the security architecture evaluation of new systems and create security test plans based on existing and planned controls and recommendations. The candidate will also be expected to perform security analysis of the different layers of the systems (application, operating system, and database layers) by performing manual testing and automated vulnerability assessment scans using various web, application, operating system, and database vulnerability scanners (Cenzic Hailstorm, HP WebInspect, NGSSquirrel, Nessus).

Essential Job Functions:

  • Review the security architecture evaluation of the new systems and create risk-based test plans around existing and planned controls and recommendations
  • Perform security analysis of the different layers of the systems (application, operating systems, and database layers) by performing source code review, manual testing, and automated system vulnerability assessment scans using various web, application, operating systems and database vulnerability scanners
  • Perform application security testing on both native and web-based mobile applications on different mobile platforms (iOS and Android)
  • Configure, troubleshoot, and perform web and database post-production scans
  • Analyze the results of security testing following a risk-based approach and work with DBAs, network operations, and application development teams through recommending and monitoring of remediation activities
  • Maintain detailed documentation of test procedures and findings in ITSSR ticketing system
  • Develop and maintain ITSSR security testing procedures for the different layers of web, mobile, and enterprise application systems to incorporate new testing methodologies and improve the process
  • Maintain vulnerability scanning tools (i.e. Cenzic Hailstorm) to ensure they are up to date and running properly
  • Assist in identifying and maintaining licenses for security manual testing tools and mobile security testing tools
  • Stay abreast of new trends in tools and technologies used for web and mobile application security

Educational Qualifications and Experience:

  • Education: Bachelor’s degree, preferably in Computer Science, Information Management, or Information Systems
  • Role Specific Experience: 7+ years of relevant experience in information security and application security
  • Hands-on experience with running web application testing tools (e.g., Cenzic Hailstorm, HP WebInspect, IBM AppScan), performing manual testing and source code review, validating test results, analyzing vulnerabilities, and helping develop platform-specific remediation plans

Certification Requirements:

  • Recognized industry certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), SANS GWEB or GWAPT) are a plus

Required Skills/Abilities:

  • Automating Security Testing activities in DevOps Methodology
  • PowerShell, Python
  • MS TFS, Azure DevOps
  • Chef, Jenkins
  • Good knowledge of common website vulnerabilities (such as SQL injection, cross-site scripting, remote/local file inclusion, etc.) and common website exploit techniques (such as character encoding, privilege escalation, directory traversal, etc.)
  • Good understanding of web application technologies (e.g. Java, .NET, Drupal), database management systems (Oracle, MS SQL, etc.), operating systems (e.g. Windows, UNIX) and operation/configuration of common web servers (e.g. IIS, Apache)

Desired Skills/Abilities (not required but a plus):

  • Knowledge of Web Application Firewall (WAF) operation
  • Experience with security vulnerability evaluation of ERP solutions (e.g., SAP and PeopleSoft), COTS solutions, and application middleware (Documentum, SharePoint, etc.)
  • Understanding of mobile application security testing on different mobile platforms (iOS and Android)
  • Previous software development experience (using .NET or Java)
Apply here or send your resume to resumes@sohanit.com

Position Keywords: DevOps, PowerShell, Python, MS TFS, Azure DevOps, Chef, Jenkins, Java, .NET, Drupal, SAP and PeopleSoft

% Travel Required: None

Job Posted by: Consulting Services

