This job posting is expired.
Company: Guidehouse
Address: Springfield, VA
Form of work: Full-Time
Category: Information Technology

Job description

Job Family:
Software Development & Support (Digital)

Travel Required:
None

Clearance Required:
Ability to Obtain Public Trust

What You Will Do:
Guidehouse is developing a system for a federal client that will modernize and consolidate multiple legacy systems into one web-based system using a microservices platform in the Azure Cloud. We are establishing a new team to design, develop and deploy the application incrementally using agile processes.

Our team's application security engineer will assess the team's applications throughout the software development lifecycle (SDLC) to ensure they are designed and built securely. He/she will be responsible for:
  • Safeguarding applications by identifying associated threats, vulnerabilities, and risks, and implementing ongoing security testing and code review.
  • Securely configuring application components (within the application).
  • Advising development teams on strengthening authentication, access controls, and data protections, and monitoring applications to detect intrusions.


Our Application Security Engineer will work as part of the application development team and collaborate closely with government and contractor stakeholders to define and document security requirements, plans, architecture, and FISMA paperwork required for the application's Authority to Operate (ATO).

Additional responsibilities include:
  • Provide technical guidance and work associated with the implementation, evolution, and operations of the multi-layer authentication infrastructure to include authentication systems for a new application.
  • Partner with system, infrastructure, application, and cybersecurity teams to determine/create integration strategies/patterns that allow secure access across programs and applications.
  • Define and document security requirements for the new application and identify the appropriate configurations.
  • Identifies and documents application threats, vulnerabilities, and risks, and advises development teams how to protect against them.
  • Ensures the security of the system lifecycle through code reviews and testing.
  • Document, update, track and manage all application security documentation, including the FISMA-required security documents (System Security Plan, Incident Response Plan, Security Assessment Reports, Security SOPs, ISAs, MOUs) needed for the application's Authority to Operate (ATO). Shepherd all plans/documents through the Government process to ensure reviews and approvals are completed as planned.
  • Keep in close coordination with Government and contractors to ensure timeliness of plan/documentation reviews and approvals.
  • Works with Government and other stakeholders to ensure authentication controls are understood from a security perspective, and work with the development team to plan, develop and implement the solution.
  • Configures the application and implements logging and monitoring of the application to detect signs of intrusion.
  • Works with the development team to resolve findings from security scans, reviews, or penetration tests.
  • Helps incident response teams respond to detected intrusions.
  • Conducts protection needs assessment.
  • Identifies security requirements to include those inherited by the client infrastructure, and those to be implemented within the application. Work with stakeholders to elicit and formally document security requirements.
  • Develop the application's security architecture in collaboration with the development team.
  • Perform and document threat assessment.
  • Perform computer and communication security activities.
  • Assesses the security posture associated with networking, security technologies, hardware and software development, test and evaluation.
  • Supports vulnerability assessment, penetration testing, and supply chain risk management activities.
  • Performs code reviews and conducts testing to ensure security is built in as planned.
  • Evaluate and manage project compliance with NIST 800-53 controls and perform annual reviews to update the inventory of controls.
  • Work with the development team to ensure the remediation of identified vulnerabilities and Plan of Action and Milestones (POA&Ms) are analyzed, understood, and resolved based on priority levels defined.


What You Will Need:
  • US Citizen with the ability to obtain DHS Entrance on Duty (EOD) Clearance, Public Trust Equivalent (6-8 weeks processing time).
  • High school diploma, or equivalent
  • 6+ years of relevant experience


What Would Be Nice To Have:
  • Bachelor's Degree in computer science, or other technical discipline.
  • Security certifications such as CISSP, CISM, and/or CISA.
  • Familiarity with TSA or similar DHS customer.
  • Familiarity with CI/CD processes.
  • Microservices experience
  • Azure Cloud experience
  • NIST 800-53 (essential skillset)
  • FISMA Compliance (essential skillset)
  • Single Sign On (SSO)/SAML (essential skillset)
  • Personal Identity Verification (PIV) Cards (essential skillset)
  • Two Factor Authentication (2FA)
  • OKTA


The annual salary range for this position is $119,800.00-$179,700.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:
  • Medical, Rx, Dental & Vision Insurance
  • Personal and Family Sick Time & Company Paid Holidays
  • Parental Leave
  • 401(k) Retirement Plan
  • Group Term Life and Travel Assistance
  • Voluntary Life and AD&D Insurance
  • Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
  • Transit and Parking Commuter Benefits
  • Short-Term & Long-Term Disability
  • Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
  • Employee Referral Program
  • Corporate Sponsored Events & Community Outreach
  • Care.com annual membership
  • Employee Assistance Program
  • Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
  • Position may be eligible for a discretionary variable incentive bonus


About Guidehouse
Guidehouse is an Equal Employment Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, military status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender, gender identity or expression, age, genetic information, or any other basis protected by law, ordinance, or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
Refer code: 2765525. Guidehouse - The previous day - 2023-02-25 12:30
