Application Security Engineer

From zero trust architecture and cloud delivery to security automation and beyond, Easy Dynamics delivers cutting-edge innovation and steady guidance in an ever-changing IT landscape and we’re growing. Come join our team! 
We are a fast-paced organization that values our people and always strives for excellence. Our delivery practices lean heavily on Agile methodology and our technologists are top notch. The Easy Dynamics culture is one of connection and collaboration across teams to ensure that we always put our best foot forward. Being in growth mode means that we are small enough that no idea is too small for discussion, and everyone can be an impact player. 
Responsibilities:
• Provide application security expertise, continuous integration, software delivery, software quality, and systems documentation support to the agency’s digital assets, including the Bureau’s public- facing web site, consumerfinance.gov, as well as internal software tools;
• Work with the Application Development Team to discuss and implement security remediations for agency’s web products;
• Work closely with the agency’s Cyber Security and Systems Engineering teams to support compliance, secure baseline development, CVE remediation, and the use of best practices in an AWS FISMA moderate environment;
• Provide support to the agency’s Application Development Team in configuring and operating continuous integration and delivery (CI/CD) pipelines, incorporating security into build process using tools such as PrismaCloud, and identifying and resolving issues in the build-deploy- operation lifecycle;
• Use and apply the findings of robust application security monitoring tools, including assisting in the securing and maintenance of the agency’s website at consumerfinance.gov and internal software tools;
• Assist in building a strong technical foundation in build, release, and production using continuous integration tools such as Jenkins;
• Engage with various agency personnel to understand requirements in order to develop better software for the Bureau and identify new ways in which the development team can easily solve issues;
• Assist the agency’s Application Development team with security focus through participation in daily standup meetings, monitoring, development, and creating issues in the ticket system
• Provide training on a variety of security methodologies, best-practices, and tools along with insight into new technologies and solutions that could help the Application Team and the agency at large; and
• Assist in the development of Use Cases, Requirements Definition Documents, User and Administration Manuals, Detailed Design Specifications, and Training Manuals and Plans
Requirements:
• U.S. citizenship required
• Bachelor’s degree in related field
• At least 5 years of demonstrated experience in the following:
• Configure, operate, maintain, and monitor various application security tools and services
Experience working with vulnerability scanning tools to identify and resolve security vulnerabilities
• Expertise in integrating security testing in automated continuous delivery pipelines (Jenkins/Travis/Ansible)
• Experience working with a modern web development stack and toolchain
• Experience working with open source and community solutions
• Experience in FedRamp IaaS/SaaS
• Experience with monitoring software dependencies and automating the creation of an SBOM (software bill of materials)
• Collaborate, champion, and mentor software development teams and other stakeholders on secure software development, delivery, and operations
Salary Range: $110,000 - $130,000