ECS is seeking an AppSec Analyst/Engineer
to work remotely
. Job Description:
- Adhere to, track, measure and evaluate compliance across the enterprise for Application Security.
- Support the technical implementation of existing and future cybersecurity tools.
- Support client's cybersecurity architecture by providing active and engaged solutions to IT teams relative to security design and review processes. Ensure the effective operations of existing and future Cybersecurity IT.
- Conduct effective engineering, requirements development and documentation, enterprise architecture documentation (SPARXs)
- Develop cybersecurity capability requirements.
- Enhance the security posture, resilience, reliability of the customer's cybersecurity IT infrastructure and processes across on-premises and multiple cloud environments.
- Develop and maintain network diagrams, topology diagrams, and other process flow diagrams.
- AppSec Analyst
- Perform all Application Security Analyst functions, within the Fortify SSC, Sonatype, Burp and Web Inspect security suite of tools.
- Scan DHRA and DMDC applications.
- Coordinate with the application owners, and other designated POCs or AppSec compliance analysis and feedback.
- Conduct cybersecurity vendor tool analysis and provide security assessment of vendors.
- Perform data analysis and interpret results.
- Collect data from across the enterprise and generate value added metrics and reports.
- Collaborate with leadership and government personnel to develop metrics based on enterprise situational awareness.
- Maximize the use of existing tools to correlate information and synthesize data into usable and actionable events.
- Process all AppSec ServiceNow Tickets within the defined SLA.
- Maintain AppSec SharePoint sites process flows and data for accuracy and reporting.
- Generate, track and coordinate POA&MS.
- Perform analysis and tracking of POA&Ms' Not Applicable Status.
- Work independently, as well as part of the Cybersecurity Team.
- Create and maintain SOPs, TTPs, knowledge articles and daily checklists.
- Prepare and present weekly presentation status slide.
- Must be a US citizen, possess a DoD Top Secret clearance: Minimum vetting Tier 5 (T5)-Single Scope Background Investigation (SSBI).
- One of the following certifications for Active DoD 8570 IAT Level 3, IASAE Level 2, or IASAI 3 for compliance, including at least one of the following certifications in good standing: CISSP (or Associate), CASP+ CE, CISSP-ISSAP, CISSP-ISSEP, CCNP Security.
- Experience with one or more programming languages such as Java, .net, C++.
- Bachelor's degree and 7+ years of Information Technology or Cybersecurity related experience.
- Ability to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholders.
- Capacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutions.
- Excellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and risk.
- Knowledge of DoD cybersecurity policies, practices, and requirements.
- Project Management experience.
- Prior Fortify experience.
- Prior Engineering/Administration experience.
- Experience in an enterprise environment (1500 servers plus 2500 workstations).
- Knowledge of DoD requirements including DISA STIGs and USCYBERCOM issuances.
- Strong troubleshooting skills.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.