Job Type
Full-time
Description
The Amivero Team
Amivero's team of IT professionals delivers digital services that elevate the federal government, whether national security or improved government services. Our human-centered, data-driven approach is focused on truly understanding the environment and the challenge, and reimagining with our customer how outcomes can be achieved.
Our team of technologists leverage modern, agile methods to design and develop equitable, accessible, and innovative data and software services that impact hundreds of millions of people.
As a member of the Amivero team you will use your empathy for a customer's situation, your passion for service, your energy for solutioning, and your bias towards action to bring modernization to very important, mission-critical, and public service government IT systems.
Special Requirements
US Citizenship Required to obtain Public Trust
Bachelor Degree + 10years of experience
The Gist...
We are seeking a skilled and motivated Security Engineer with a strong background in compliance to join our dynamic team. The ideal candidate will be responsible for ensuring the organization's adherence to security policies, regulatory requirements, and risk management frameworks (RMF) through the implementation of innovative compliance as code solutions and the use of cutting-edge technical tools. This role requires a deep understanding of security compliance standards, basic coding skills, and the ability to integrate security measures seamlessly into our software development lifecycle.
What Your Day Might Include... Oversee the documentation of compliance as code artifacts and maintain version control to ensure transparency and traceability.
Generate reports and metrics on compliance status, contributing to continuous improvement efforts.
Apply the Risk Management Framework (RMF) along with supporting NIST 800SP series, Cloud Security Framework-Fedramp guidance & Privacy controls when developing IT application portfolios or enterprise IT infrastructures.
Integrate FISMA compliance requirements in parallel with security engineering IT Vulnerability management tools, applying Federal policy & regulations, implementing critical security controls for data privacy regulations, performing risk management best practices, & assurance of DOD &FISCAM compliance.
Spearhead the creation and maintenance of compliance as code solutions to automate security controls and policy enforcement within our development and deployment pipelines.
Collaborate closely with cross-functional teams to embed compliance checks into Infrastructure as Code (IaC) scripts and configuration management tools.
Utilize automation frameworks to streamline compliance processes, minimizing manual efforts, and ensuring consistent application of security controls across our technology stack.
Integrate compliance checks into CI/CD pipelines, enabling continuous monitoring and immediate resolution of compliance issues.
Evaluate, implement, and manage security tools that support compliance automation, such as static/dynamic code analysis, vulnerability scanners, and configuration management tools.
Optimize toolsets for efficiency and effectiveness in maintaining a robust compliance posture.
Work collaboratively with development and operations teams to foster a DevSecOps culture, where security is seamlessly woven into the fabric of the development lifecycle.
Provide expertise in code reviews, ensuring that security best practices are adhered to in the development process.
Requirements
You'll Bring These Qualifications... US Citizenship Required to obtain Public Trust
Bachelor's degree in Computer Science, Information Technology, or a related field. + 10 years of relevant experience
Proven experience in developing and implementing compliance as code solutions.
In-depth knowledge of compliance frameworks (e.g., NIST, ISO) and hands-on experience with automation frameworks.
Experience in scripting and coding languages (e.g., Python, PowerShell) for automation purposes.
Familiarity with Infrastructure as Code (IaC) tools and practices.
EOE/M/F/VET/DISABLED
All qualified applicants will receive consideration without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. Amivero complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.
