AppSec Analyst/Engineer

Company: ECS Federal, LLC
Location: Fairfax
Posted on: May 28, 2023

Job Description:

ECS is seeking an AppSec Analyst/Engineer to work Remote. Job Description:Adhere to, track, measure and evaluate compliance across the enterprise for Application SecurityAppSec AnalystPerform all Application Security Analyst functions, within the Fortify SSC, Sonatype, Burp and Web Inspect security suite of toolsConduct scans forDHRA and DMDC applicationsEvaluate compliance, non-compliance, N/As and false positives and priority recommendations for development teams. Coordinate with the application owners, and other designated POCs or AppSec compliance analysis and feedback Conduct cybersecurity vendor tool analysis and provide security assessment of vendorsPerform data analysis and interpret results Collect data from across the enterprise and generate value added metrics and reportsCollaborate with leadership and government personnel to develop metrics based on enterprise situational awareness Maximize the use of existing tools to correlate information and synthesize data into usable and actionable events.Process all AppSec ServiceNow Tickets within the defined SLAMaintain AppSec SharePoint sites process flows and data for accuracy and reportingGenerate, track and coordinate POA&MSPerform analysis and tracking of POA&Ms' Not Applicable Status EngineeringSupport the technical implementation of existing and future cybersecurity toolsSupport client's cybersecurity architecture by providing active and engaged solutions to IT teams relative to security design and review processes. Ensure the effective operations of existing and future Cybersecurity ITConduct effective engineering, requirements development and documentation, enterprise architecture documentation (SPARXs) Develop cybersecurity capability requirementsEnhance the security posture, resilience, reliability of the customer's cybersecurity IT infrastructure and processes across on-premises and multiple cloud environmentsDevelop and maintain network diagrams, topology diagrams, and other process flow diagramsWork independently, as well as part of the Cybersecurity TeamCreate and maintain SOPs, TTPs, knowledge articles and daily checklists Prepare and present weekly presentation status slide Required Skills: Must be a US citizen, possess a DoD Top Secret clearance: Minimum vetting Tier 5 (T5)-Single Scope Background Investigation (SSBI)One of the following certifications for Active DoD 8570 IAT Level 3, IASAE Level 2, or IASAI 3 for compliance, including at least one of the following certifications in good standing: CISSP (or Associate), CASP+ CE, CISSP-ISSAP, CISSP-ISSEP, CCNP SecurityExperience with one or more programming languages such as Java, .net, C++ Bachelor's degree and 7+ years of Information Technology or Cybersecurity related experienceAbility to communicate effectively with government and contract leadership, while conveying highly technical concepts to both technical and nontechnical stakeholdersCapacity to thrive in a complex, fast paced environment with competing demands while delivering consistent, high-quality commitment to mission-critical systems and solutionsExcellent analytic skills, including qualitative and quantitative data analysis to support and defend data-driven decision-making regarding system threats, vulnerabilities, and riskKnowledge of DoD cybersecurity policies, practices, and requirements Desired Skills:Prior DMDC experienceProject Management experiencePrior Fortify experiencePrior Engineering/Administration experienceExperience in an enterprise environment (1500 servers plus 2500 workstations)Knowledge of DoD requirements including DISA STIGs and USCYBERCOM issuancesStrong troubleshooting skills ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, gender, age, national origin, citizenship, disability, veteran status or any other classification protected by federal, state, or local law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans. ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3000+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.PDN-99071041-b399-451f-95fa-002126a92a89

Keywords: ECS Federal, LLC, Washington DC , AppSec Analyst/Engineer, Engineering , Fairfax, DC