Leidos is seeking a talented Lead DevSecOps Engineer to join our team to support a federal customer within the Department of Homeland Security (DHS) Network Operations and Security Center (NOSC).
- Lead a small team of developers to gather requirements and design, codify, integrate and implement secure solutions that support NOSC business functionality.
- Work with stakeholders to develop requirements and deliverables
- Develop, document, and implement CI/CD strategy for management of Infrastructure as Code (IaC) baseline
- Develop and document shared infrastructure component management strategy to provide consistent standardized container, OS, and application baselines for infrastructure components available through self-service
- Identify requirements, develop, document, and implement branching strategy to support change management requirements while automating as much of the deployment process as practical in the (IaC) CI/CD pipeline.
- Review, debug, and resolve technical issues throughout all stages of SDLC
- Assist with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions
- Measure effectiveness of process improvement and automation efforts via metrics and KPIs
- Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.
- Applies coding and testing standards, security testing tools (including ‘fuzzing’ static-analysis code scanning tools), threat modeling, and conducts code reviews.
- Conduct trial runs of programs and software applications to ensure the desired information is produced and instructions are correct.
- Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
- Identify common coding flaws.
- Identify security issues around steady state operation and management of software.
- Incorporate security measures that must be taken when a product reaches end of life.
- Perform integrated quality assurance testing for security functionality and resiliency attacks.
- Identify potential flaws in codes to mitigate vulnerabilities.
- Recognize security implications in the software acceptance phase, including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
- Perform penetration testing as required for new or updated applications.
- The candidate shall have bachelor’s degree in Computer Science, Engineering, or related field and a minimum of 12 years of experience in system administration, database administration, network engineering, software engineering, or software development, with a concentration in cybersecurity
- At least one of the following certifications: CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX, Splunk Enterprise Certified Architect
- Extensive experience in design and automation of security tools and processes.
- Extensive experience in development, APIs, and scripting language support
- Experience implementing and maintaining services in a CI/CD pipeline
- Experience working in an Agile development environment.
- An active Secret Level Security Clearance and approved DHS Entry on Duty (EOD).
- Experience with VMware & Ansible/Ansible Tower and/or Terraform
- Experience with data administration automating management of large (multi PB) S3 storage pools
- Experience working in AWS and Azure
- Experience with SOAR platforms such as Swimlane, Phantom, Demisto, etc
- Experience as a SOC Analyst and/or Incident Responder
- Authoring SOC SOPs, playbooks, work instructions and/or other process documents
- Working knowledge of Java
Effective October 1, in order to enter Leidos facilities in the US and to attend Leidos business events outside our facilities, employees will be required to be vaccinated for COVID-19 or maintain proof of a negative COVID-19 test within 96 hours of entry. Effective December 8, all Leidos employees must be fully vaccinated (2 weeks past final dose) unless they are entitled to a legal accommodation. If you are not vaccinated, please consider getting your COVID-19 vaccination as soon as possible. If you have any questions, please contact your Talent Acquisition POC.
Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world’s toughest challenges in the defense, intelligence, civil, and health markets. The company’s 43,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $12.30 billion for the fiscal year ended January 1, 2021. For more information, visit www.Leidos.com.
Pay and Benefits
Pay and benefits are fundamental to any career decision. That's why we craft compensation packages that reflect the importance of the work we do for our customers. Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement. More details are available here.
Securing Your Data
Leidos will never ask you to provide payment-related information at any part of the employment application process. And Leidos will communicate with you only through emails that are sent from a Leidos.com email address. If you receive an email purporting to be from Leidos that asks for payment-related information or any other personal information, please report the email to [email protected].
Commitment to Diversity
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law. Leidos will also consider for employment qualified applicants with criminal histories consistent with relevant laws.