DevSecOps Security Engineer

Dogwood is seeking a very talented DevSecOps Security Engineer professional for a full-time position offering a competitive salary, and excellent benefits. Work is expected to be performed 100% on-site in Washington, D.C. Corp-to-Corp or W2 hourly rate setup is also available. We are looking for a career-minded individual.

Must be willing to undergo a government background check

No third-party or Visa candidates can be considered

No Visa sponsorship available

The DevSecOps Security Engineer will support dynamic and static analysis (DAST and SAST) of code for multiple applications using Fortify and work across technical teams to support the remediation of findings. The DevSecOps Security Engineer will support a large team of infrastructure, security and application team during migration of on-prem and cloud applications to the client Azure Government enclave. The security engineer will configure, operate and maintain Security Code Scanning tools (Fortify). The engineer will provide support for security assessment and authorization/ ATO process, security audits.

Desired Experience:

• Certified in industry recognized areas such as CISSP, CISA, or CISM
• Familiarity with NIST 800-53, FISMA, FedRAMP
• Excellent organization, collaboration, project management, and team leadership skills
• Strong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership
• 2+ years of experience executing security compliance in multi-cloud or DevSecOps environments
• 2+ years of experience coordinating across security, IT operations, audit, and development groups to achieve security outcomes
• Security certification in one or more cloud environments (Azure, AWS, Google...)

Candidate Qualifications:

• Ability to acquire a Public Trust Clearance
• Bachelor s Degree and a minimum of 5 years of experience. Additional years of experience may be accepted in lieu of the degree.
• 5+ years experience supporting secure DevSecOps practices using Fortify on Demand
• 5+ years experience running Dynamic and Static Application Security Testing (SAST)
• 5+ years experience working with of source version control, build/release tools and methodologies
• 5+ years experience with CI/CD pipelines
• 5+ years experience with the software build process
• 5+ years experience supporting backups and disaster recovery
• 5+ years experience maintaining access control and the integrity of data throughout the platform
• 5+ years experience designing, developing, evaluating and modifying systems and systems-oriented products.
• 5+ years experience configuring, deploying and maintaining and optimizing security code scanning tools (Fortify)
• Work with the development and infrastructure teams to remediate findings
• Perform Cyber Supply Chain Risk Management (C-SCRM) activities to include configuring, deploying and maintaining SCRM tool (Mend) and analyzing reports.
• Support Security Assessment and Authorization / ATO process

Dogwood has been providing Cyber Security and related IT services to Commercial clients and federal agencies since 2001 and we owe our success to the quality of individuals we have been fortunate enough to hire and retain to perform to the standards set forth by leadership within our commercial clients and the federal government. Those who are not of the highest moral and ethical standards need not apply.

All responses will be held in confidence.

Dogwood Management Partners LLC is an equal opportunity employer. Minorities, Veterans, Service Disabled Veterans, and those with disabilities are encouraged to apply.