OUR BENEFITS

We provide competitive benefits including health, dental, long- and short-term disability, 401(k) plan, and direct deposit as part of your total compensation package.

CURRENT OPENINGS

Are you ready to be challenged and recognized for your achievements? Apply below if you are an ethical, forward-looking person focused on customer satisfaction and delivering on-time solutions.

EQUAL OPPORTUNITY EMPLOYER

SBD is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at SBD will be based on merit, qualifications, and abilities. SBD does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").



Senior Security Engineer and Cyber Security Team Lead

Location: Fairfax, VA
Date Posted: 08-07-2017
Solutions By Design II, LLC (SBD) is seeking a talented Senior Security Engineer and Cyber Security Team Lead to join our team in support of a program with our federal Health IT customer. The ideal candidate should have strong cyber security engineering experience in a cloud and web application development environment. This individual will be responsible for the application security of a large, complex, high transaction volume cloud-based application.  The individual will perform Application Static and Dynamic analysis, review reports and identify resolutions. The individual will work with the project team in analyzing and identifying the resolution for infrastructure scans. The Security Engineer will analyze the software design and implementations from a security perspective during the software development lifecycle and provide technical input and architecture / design recommendations to ensure that security is “baked in” and not “added on” to the system.
This individual must possess strong technical skills coupled with interpersonal and communication skills to provide guidance to application software development team members. This person must possess a strong background implementing internet security technologies.
Responsibilities fall into three areas and include:
Security Engineering Subject Matter Expertise:
  • Experience with Java based middleware for enterprise integration technology
  • Perform ongoing security testing and application code reviews from a security vulnerability perspective
  • Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
  • Develop architectural designs for solutions to business problems
  • Assist management team with analyzing applications, infrastructure vulnerability reports and identifying the application specific remediation
  • Should be knowledgeable in web application dynamic and static analysis reports and able to identify the resolution
  • Strong experience in System Architecture, Design, Development and integration and deployment of multi-tier mission critical web Application systems
  • Mentor development teams on use of secure coding practices and evangelize secure software development practices and processes
  • Perform threat analysis of identity and access management services
  • Present application security architectures and designs to customers and management team
 
Security Authorization and Governance Guidance and Leadership:
  • Lead efforts on behalf of team to navigate through customer authority to operate (ATO) process and requirements
  • Prepare artifacts and input to facilitate organizational acceptance of system security capabilities
 
Security Team Management:
  • Serve as security team lead within overall project organization, providing day to day vision, direction, guidance and tasking to security team resources
 
Skills/Qualifications (Required):
  • To be considered for this role, candidates must have:
    • 5+ years progressively increasing experience architecting, designing, implementing, and testing security with development team(s) that delivered commercial-grade enterprise software systems. Agile delivery experience preferred.
    • Demonstrated experience in correlating industry standard security controls (e.g., FISMA, NIST 800-53, OWASP, ISO/IEC 27035) towards informed and compliant application and/or systems design. Experience with preparation and/or remediation activities for independent audits, accreditations, and ATOs is desirable.
    • 2+ years experience with cloud-based web applications, including experience with virtualization
    • Strong experience and detailed technical knowledge in security engineering, operating system, application and network security, authentication and security protocols, cryptography, public-key infrastructures
    • Experience with the application of threat modeling or other risk identification techniques
    • Experience and knowledge of vulnerability classes, mitigations and defense in depth mechanisms for operating systems and networks
    • Development experience in C, C++ and/or Java and scripting skills
  • Candidates must demonstrate strong oral and written communications and be able to work in a fast-paced, highly collaborative Agile team environment.
  • Demonstrated success in building meaningful and productive relationships with colleagues, customers and business partners.
  • Required Personal Skills for Cloud Security Engineer:
    • CISSP Certification is essential for this position
    • Application penetration testing experience
    • Minimum 6 to 8 years’ work experience with 2 years as application security engineer analyzing the application modules for enhancing the application security
    • Must have led the design, development, and deployment of at least one significant Web application or product
    • Knowledge and demonstrated experience designing multi-tier, highly available, multi-threaded, scalable architectures
    • Deep Java knowledge, certified developer or expert-level knowledge with Java and related technologies such as J2EE, EJB, JMS, JDBC, JSF, Facelets, Richfaces and Java Servlets.
    • Experience in developing, deploying REST API or SOAP based Web Services for application integration services.
    • Expert proficiency with Java-based application servers and Apache Tomcat.
    • Hands-on experience with HTML5, CSS, jQuery, Ajax and related frameworks (such as bootstrap) a plus.
    • Expert proficiency with Java-based application servers and Apache Tomcat servlet container.
    • Demonstrated application of architectures and designs that employ design patterns. Strong database background and experience with Oracle or MS SQL Server.
    • Highly developed oral and written communication skills as well as presentation skills. Interest in all aspects of application security research and development.
    • Familiarity with fundamentals of software configuration management, automated build processes, and source code control systems
  • All applicants shall have lived in the United States for at least three (3) out of the last five (5) years
  • Must be able to pass a CMS-specific Public Trust background investigation
  • CSSLP certification from ISC2
 
Technical Skills:
  • Manual and/or automated code analysis experience
  • Application penetration testing experience
  • Knowledge of hardware architectures for large-scale cloud based web application infrastructures including clustering, high-availability, fault tolerance, etc., is a plus.
  • Experience with PKI and Hardware Cryptographic Modules is desirable
  • Knowledge of and implementation experience with JCE is highly desirable
  • Familiarity with fundamentals of software configuration management, automated build processes, and source code control systems
  • Experience with the following tools and technology is preferred: JIRA, GitHub, Confluence, Slack, Jenkins C.1, Elasticsearch, Postgres, JSHint, Jasmine, Grunt-devperf, SonarQube, Nagios, HP Fortify, Maven Nexus, Selenium, Java/JavaScript, Git, Chef, Icinga, Graylog, Docker Registry, Docker Compose, Docker Machine
 
 
Solutions By Design II, LLC (SBD) is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at SBD will be based on merit, qualifications, and abilities. SBD does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age, IWDs, Veteran Status or any other characteristic protected by law (referred to as "protected status").