Security Assessment Engineer
ayush.dwivedi@stefanini.comOpen to W2 Candidates only! US Citizens! We are seeking a skilled Security Assessment Engineer to join our team. The ideal candidate will be instrumental in supporting the adoption of DevSecOps principles and automating assessment services to ensure continuous authorization to operate within our organization.
This is a unique position that must be able to flex between security engineering, security control automation, development, and assessor roles in a NIST based risk management environment. The candidate must possess skills that include experience with:Test design, performance testing, test architecture, configuration management, troubleshooting, excellent verbal and written and communication skills both horizontally and vertically, performing manual testing with agility and interaction, be proficient in continuous delivery, Agile, and DevOps.
Key Responsibilities:-Support DevSecOps initiatives by developing and implementing test-driven security within a CI/CD pipeline-Create automation to support the NIST Risk Management Framework (SP800-37, SP800-53/53a).-Develop and track Plan of Action and Milestones (POA&Ms) to address identified security vulnerabilities and compliance gaps.-Able to document clear and repeatable process and train others to be able to perform automated assessment reviews.-Develop and implement security assessment automation tools to support DevSecOps practices.-Collaborate with development teams to integrate security assurance into the CI/CD pipeline.-Conduct security assessments and risk analyses on new and existing software.-Provide Subject Matter Expertise in the creation of security policies, standards.-Develop and document procedures specific to the role.-Work closely with compliance teams to ensure continuous monitoring and authorization.-Assist in developing security training and awareness for technical staff.-Stay current with evolving security landscape, industry trends, tools, and best practices.