Application Security Lead Engineer - Customer Value Partners, Inc
Bethesda, MD
About the Job
CVP is seeking an Application Security Lead Engineer to execute and support the implementation of a successful with specific focus on vulnerability management in an application development environment.
Responsibilities:- Analyze security needs, risks and requirements of custom systems.
- Provide solid understanding in vulnerability management and information security, including broadening awareness and use of the team services, education of security best practices and integration with other business areas.
- Provide mentorship and support to teammates regarding vulnerability assessment, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development.
- Evaluate both system and application scans and architecture designs for security vulnerabilities providing remediation recommendations.
- Coordinate, build and maintain relationships with internal and external stakeholders to include system developers.
- Develop and improve KPIs, metrics, and trending for vulnerability management functions.
- Review and provide feedback on results generated by automated scanning tools.
- This shall include, but not be limited to, identification of false positives generated by those tools, either by using the data contained within the result set generated by the tools, or by manual investigation of the targets on which the testing tools identified security findings.
- Review and provide feedback on false positive, mitigation, or remediation evidence provided by IT stakeholders to determine the validity and completeness of any findings identified.
- Provide subject matter expertise concerning known vulnerabilities, and become knowledgeable of newly released vulnerabilities, and discuss methods of exploitation, methods of mitigation or remediation, severity of impact, difficulty of exploitation, and other pertinent considerations of vulnerabilities. This discussion may be required either verbally or via written presentation.
- Use prior knowledge and experience of security configurations and concepts to help create and review existing or new security policies.
- Document new, and update existing, processes and procedures used for the Vulnerability Management Program.
- Identify the applicable NIST security controls, HHS security policy items, or security policy items that correspond to any finding identified via manual or automated testing.
- Create and conduct presentations of the security testing processes/methodologies used, as well as general security best practices, regarding security of operating systems, databases, and network fabric devices, and related technology concepts.
- Act as a liaison to external audit functions. This activity could include conducting data calls and executing ISSO-specified or approved testing activities.
- Participate in any additional activities which directly support actions required within this Task.
- Additional activities may include participation in meetings, consultation with other teams, or documentation of task-specific requirements.
- Ensure all software applications are FISMA compliant.
- Must be eligible to obtain a Public Trust government security clearance.
- 4-year college degree in Computer Science or related field, and 2 years of experience or 5 years of experience in lieu of a college degree.
- Experience demonstrating strong analytical, troubleshooting and problem-solving skills for cybersecurity.
- Expertise of security standards and frameworks including: NIST CSF, FISMA, FedRAMP.
- Knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, threat management, and incident management.
- Solid understanding of cloud-based technologies such as AWS and Azure.
- Knowledgeable of Windows and UNIX/LINIX environments, MS SQL Server and Oracle DBs, and VMware.
- Excellent communication skills, both written and oral.
Desired Skills:
- CISSP, Security+, MCSE, A+, and/or other industry certifications.
- Understand of the following technologies:
- Drupal
- Jenkins
- Kubernetes
- Docker
- Public Key Infrastructure (PKI) and Secure Sockets Layer (SSL)
- Linux
- AWS, Azure
- Windows Server 2016-2022 Operating System
About CVP
CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation and build a healthy, safe, and equitable world—a future we call What’s Next.
What do we do? We do work that matters like advancing mental and behavioral health, streamlining immigration, and improving access and outcomes for underserved populations including Veterans, people experiencing homelessness, and rural American residents.
How do we do it? Our team of industry experts deliver integrated, innovative solutions in Healthcare Research & Technology, Digital Transformation, Data Science, Cybersecurity, Marketing Communications & Change Management, and Strategy & Transformation.
Why do we do it? Our core values define the CVP culture, guide our decisions, and enable our client-focused mission. We’re relentlessly focused on making a difference and building What’s Next for our clients and their customers.
We believe diversity, equity, and inclusion are essential components of our individual and collective success, and our commitment to hiring and supporting Veterans has earned us three HIRE Vets gold medallions. Join us to start or advance your career with a mission-focused firm transforming healthcare, enhancing security, and making government work better.
Customer Value Partners, LLC is a VEVRAA Federal Contractor and an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability. Customer Value Partners seeks to provide employment opportunities for protected veterans and individuals with disabilities.