Cybersecurity Engineer bei Base-2 Solutions

Job Description
Base-2 Solutions is seeking a Cybersecurity Engineer who will design, build, implement, enhance, and maintain a DevSecOps capability within the Cloud Development Platform (CDP) for the Defense Intelligence Agency (DIA). Enable application security, secure deployment, and secure operations at the speed of mission across multiple security domains, deployment models, and environments. Design, build, implement, and maintain a virtual developer desktop environment to provide CDP customers with a streamlined and consistent workspace for developing mission applications using CDP resources. The role supports automation, continuous security integration, and compliance with DIA Risk Management Framework (RMF) standards under a Zero-Trust (ZT) approach.

Capabilities

• Manage DevSecOps Services staff, activities, schedules, and risks including but not limited to:
  • Assist Government section or team leads with setting priorities and identifying areas requiring investment.
  • Aid the Government section or team lead with managing resources and timelines in delivering new, or enhancing existing, capabilities.
  • Update and aid in maintaining the CDP centralized work breakdown structure detailing all existing and upcoming CDP team efforts and focus areas.
• Maximize consistency of DevSecOps capabilities across applicable security domains, deployment models, and environments to promote a smooth CX for development teams operating with low-to-high engineering approaches.
• Automate, monitor, and apply security at all phases of the software lifecycle: plan, develop, build, test, release, deliver, deploy, operate, and monitor.
• Configure, upgrade, operate, and manage essential tools including but not limited to GitLab, Jenkins, Artifactory, SonarQube, Jira, Confluence, Xray, Selenium, Fortify, and Acunetix.
• Develop, maintain, and enhance CDP’s developer virtual desktop capability across applicable security domains, deployment models, and environments including but not limited to Linux and Azure models for virtual desktops.
• Fully automate risk characterization, monitoring, and mitigation across the application lifecycle.
• Incorporate cyber resiliency and ZT principles as part of the DevSecOps pipeline process.
• Integrate pipelines with the DIA Cyber and Security Division (CIO-4) provided automated tools and processes for the Risk Management Framework (RMF).
• Maximize automation to update and re-distribute developer virtual desktop baselines monthly to maintain security compliance.
• Fulfill service requests to provision DevSecOps and developer virtual desktop accounts for CDP customers to include account request form processing, reviews, workflows, account creation, and account deprovisioning.
• Curate and publish a list of public sources for training on DevSecOps tools and coordinate with tool vendors to provide informational or enablement events to the CDP community regarding new tool capabilities, versions, and roadmaps.
• Develop, maintain, and enhance sample code and/or reference applications to facilitate customer utilization of CDP services and validate CDP functionality.
• Employ Agile, DevSecOps, and low-to-high software engineering methods to implement DevSecOps Services.
• Support obtaining and maintaining DevSecOps Services ATO in accordance with DIA’s RMF process under a ZT approach, including providing expertise with Xacta and security monitoring requirements.
• Conduct ongoing security audits and analysis of system access and logs to identify anomalies and support ZT, including providing expertise with security monitoring and tools such as Splunk.
• Support DevSecOps Services backlog grooming, increment planning, and feature roadmap development leveraging HCD insights, evolving priorities, and emerging technologies.
• Provide Tier 0 through 3 support to customers for the DevSecOps Services.
• Provide operations and maintenance support such as patching, monitoring, backup/restore, and emergency releases.