Job Description

DevSecOps Analyst
Job Number: 20-04864
 
Make your mark where innovation is the rule.  Our client is looking for a DevSecOps Analyst in Reston, VA.
 
Eclaro’s client is a leading educational non-profit, committed to advancing educational opportunities around the world. If you’re up to the challenge, then take a chance at this rewarding opportunity!
 
Position Overview:
  • A driven, motivated, self-starter DevSecOps Analyst to support the DevSecOps initiatives.
  • Detail oriented and creative contributor to a bleeding-edge cloud and application security team whose mission is to enable the agile development of secure and reliable cloud-based solutions.

Responsibilities:
  • Act as a liaison between  Partner teams (both in IT and outside of IT) and the Information Security Office.
  • Work to promote, grow, and enhance the Partners program to promote Security Champions and enable dev teams to shift left.
  • Generate, coordinate reviews of and deliver key metrics and KPI's to Development teams and Sr Leadership.
  • Act as a Liaison between Partner Teams and GRC team to ensure compliance activities and findings are resolved in a timely manner.
  • Work with other team members to implement and support security tooling, including reporting, documentation, and end user training.
  • Work with team members to identify application security weaknesses and provide recommendations for remediation.
  • Participate in application vulnerability reviews and remediation with dev teams and stakeholders.
  • Document and communicate application risks and vulnerabilities to technical stakeholders.
  • Provide risk assessments and data-driven recommendations to management to increase or improve our security footprint.
  • Support and Deliver DevSecOps Services (consulting, tool access, vulnerability management, etc.).
  • Support assigned Dev teams with the various platforms we support, including training, troubleshooting, tuning.
  • Actively participate in planning and grooming as part of agile ceremonies and manage assigned work.
  • Work with a broader Information Security team on incident response and operational/strategic initiatives as needed.
  • Participate in evaluating and promoting new and existing security standards, tools, and solutions with a focus on automation and securing build pipelines for a shift left approach.

Qualifications
  • Professional training and 1-3 years of technology related experience required.
  • One or more security certifications such as Security+ certification would be ideal.

Preferred Skills:
  • Excellent communication skills, written and verbal.
  • Highly organized and efficient, able to work independently.
  • Strong analytical thinking and ability to generate data driven solutions.
  • Must have awareness of common AWS Services.
  • Familiarity with compliance requirements (ISO, PCI, PII, etc.) a plus
  • Some experience with hands on programming languages (Java, node.js, Python, PHP, JavaScript, etc.)
  • Awareness of common vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.
  • Experience with RESTful web services and API's a plus.
  • Knowledge of Web Application Firewall (WAF).
  • Awareness of Microservice architecture.
  • Familiar with DAST, SAST and Pen Testing practices and tools.
  • DevSecOps or DevOps experience and CI/CD frameworks and automation.
  • Windows and/or Linux hardening techniques a plus.
  • Familiar with OWASP/ SANS application vulnerabilities.
  • Awareness of Secure Code Review methodology.
  • Experience with Web and Application Servers such as IIS, Apache, Tomcat.


If interested, you may contact:
Carlo Flores
Carlo.Flores@eclaro.com        
6466952934
Carlo Flores | LinkedIn

 
Equal Opportunity Employer: Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status. 

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online