Flexion is seeking a Security Engineer to join our Flexion team to support a large agile health IT program in the Maryland/Virginia/Washington DC area. Hybrid of client onsite and remote work. The team's mission is to improve the program in the areas of security, reliability, and efficiency.
In this role you must possess excellent problem-solving skills and deep technical knowledge with a strong aptitude for appreciating the focus, scope, and impact of your work in a much wider and forward-looking software landscape. You should also be able to demonstrate a history of technical leadership, excellent communication, and a positive attitude.
You will collaborate with team members to develop tools that support several product development teams. Although you are a member of the cloud services team, you will work directly with two or three product development teams as an "Embedded Liaison". About half of your time will be spent with your teams as a Liaison, while the other half is spent working with the cloud services team to build tools and solutions.
Embedded Liaisons are infrastructure and automation experts that serve as ambassadors, directly connecting product teams to the cloud services team. You will interact directly with your product teams every day. For the cloud services team, you are our eyes and ears on the ground, conducting invaluable user research. For the product teams, you socialize and coach cloud services tools, solutions, and services.
Finally, the cloud services team provides expert troubleshooting services, and we are engaged by the primary support teams as a diagnostic experts to help reduce the severity and duration of significant incidents, and to understand and document incident root causes.
- Extensive experience in Information Security, Cloud/Operations Security, Application Security, Threat Modeling and Risk Identification, Security Controls and Compliance, Pentesting, Dynamic and Static Scanning Tools
- Facilitate the identification of relevant application security threats (Threat Modeling in particular) and the establishment of appropriate security control requirements and test plans.
- Fluency with agile methods including SAFe/Scrum
- Experience with tools such as AWS Trusted Advisor and dynamic and static scanner analysis for heterogenous code bases
- Ensure that software is architected, designed, and implemented to avoid security-related logic flaws and other adverse security consequences.
- Application security experience, including familiarity with OWASP Top 10 and ASVS, and the ability to train developers in the identification and remediation of application vulnerabilities. Provide guidance to developers on the appropriate selection and implementation of relevant application security controls.
- Understanding of applying NIST RMF (800-43 rev 4) in application design and implementation
- Application and understanding of assessing remediating STIG operating system and application baselines
- Experience with
- DevOps: bash/zsh, Groovy, Python, HCL/Terraform
- Security Tools: ZAP/Burp/SonarCloud/SonarQube/SSL analysis tools/Packet analysis tools
- Bachelor's Degree
- Strong communication skills, both vertically and laterally
- Experience working in a Federal Government setting
- Strong organizational skills
- Ability to balance multiple projects at once
- Ability to prioritize in a fast-paced environment
- Speak openly and honestly about problems and proposed solutions
- Apply an attitude of servant leadership in a technical leadership role
- Welcome and handle changing requirements and priorities with little or no warning
- Collaborate in small groups online about 50% of the time
- Encourage simple and minimal solutions that keep options open
- Expect and vocally advocate for quality first
- Learn new practices and techniques as the situation demands
- Ensure the teams develop demonstrable software every week or two
- Do what needs to be done to deliver the product or project
- Relentlessly improve yourself, your team, and your processes
Equal Employment Opportunity/Affirmative Action Employer