Senior DevSecOps Engineer

Job not on LinkedIn

November 18

Apply Now

Receive Emails with Similar Jobs

Guidehouse

WebsiteLinkedInAll Job Openings

Consulting • Digital Services • Public Sector

Guidehouse is a global consultancy offering advisory, digital, and managed services across commercial and public sectors. It is purpose-built to support industries such as national security, financial services, healthcare, energy, and infrastructure. Guidehouse collaborates with leaders to navigate complexity and drives transformational changes that impact the future. Their expertise spans data analytics, digital technologies, risk management, and more, with a strong emphasis on sustainability and innovation.

10,000+ employees

Founded 2018

💰 Grant on 2023-02

📋 Description

• We are seeking a technically skilled and compliance-driven DevSecOps Security Analyst to support DevOps work and cybersecurity operations for federal government contracts. • This role emphasizes hands-on implementation of system scan policies, configuration of monitoring tools, audit reporting, and identity and access management. • The analyst will ensure systems meet federal cybersecurity standards, while contributing to risk management and continuous monitoring efforts. • Develop, configure, and maintain system scan policies using tools such as Nessus, ACAS, and SCAP or the like. • Ensure scans align with federal vulnerability management requirements. • Deploy and manage security monitoring tools (e.g., Splunk, ArcSight, SolarWinds, Google Security Command Center) to support real-time threat detection and log aggregation. • Generate, analyze, and review audit logs and security reports to identify anomalies and ensure compliance with DHS internal control requirements. • Manage identity and access controls using platforms such as Okta, Google Workspace IAM, and Active Directory. • Ensure least privilege and role-based access policies are enforced. • Configure and run static and dynamic application security testing tools including Checkmarx, Fortify, Invicti, and WebInspect. • Analyze results and coordinate remediation with development teams. • Use tools like DbProtect to scan and assess database configurations, permissions, and vulnerabilities. • Apply and evaluate NIST SP 800-53 Rev. 5 controls; support control testing and documentation for A&A packages and continuous monitoring. • Assist in identifying vulnerabilities and tracking remediation efforts through Plans of Action and Milestones (POA&Ms). • Maintain system security documentation including SSPs, boundary diagrams, and scan results; communicate findings to stakeholders and technical teams. • Contribute to incident investigations and post-incident reviews; assist in implementing corrective actions and updating audit trails. • Evaluate and secure AI/ML applications and pipelines; implement controls for model integrity, data privacy, and adversarial threat mitigation.

🎯 Requirements

• U.S. Citizenship and eligibility for a Public Trust or Secret clearance. • Six(6) to Eight (8) years of experience in Cybersecurity, Information Systems or related field, preferably supporting federal contracts. in the similar fields. • Experience in implementing and maintaining DevSecOps • Experience in incident response, threat detection, and security monitoring for cloud-hosted web applications and infrastructure • Hands-on experience with vulnerability scanning tools, SIEM platforms, and IAM systems. • Working knowledge of Openshift, Kubernetes and Docker • knowledge of GCP Google Cloud Platform • Security practice of CI/CD pipelines using tools such as GitLab, Jenkins, Harness • Familiarity with SAST, DAST, WebInspect, Invicti • Strong analytical, organizational, and communication skills

🏖️ Benefits

• Medical, Rx, Dental & Vision Insurance • Personal and Family Sick Time & Company Paid Holidays • Parental Leave • 401(k) Retirement Plan • Group Term Life and Travel Assistance • Voluntary Life and AD&D Insurance • Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts • Transit and Parking Commuter Benefits • Short-Term & Long-Term Disability • Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities • Employee Referral Program • Corporate Sponsored Events & Community Outreach • Care.com annual membership • Employee Assistance Program • Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.) • Position may be eligible for a discretionary variable incentive bonus