Information Security Engineer, DevSecOps

30 Jun 2024

Vacancy expired!

Job Type: Regular

Information Security Engineer, DevSecOps

RAND Information Security

The RAND Corporation seeks an Information Security Engineer, DevSecOps, with a strong background in both cybersecurity and API-driven automation and orchestration to join the Information Security Architecture and Engineering team.
  • The Architecture and Engineering team applies next generation technologies to combat the efforts of advanced persistent threat (APT) adversaries in their attempts to infiltrate and disrupt RAND's computing services.
  • The candidate will apply their experience to streamline ongoing operations while identifying and pursuing opportunities to continuously improve the impact and reliability of our cyber deterrence capabilities, applying zero trust architecture (ZTA) network principles through API-driven automation to integrate systems, orchestrate workflows, and perform quality assurance checks on network and system configurations.
  • The engineer will identify, design, and develop solutions to integrate systems for better interoperation, facilitate continuous quality control of systems configurations, and streamline the analysis of systems vulnerabilities and assist with threat hunting.
  • As RAND transitions the bulk of its computing services to cloud infrastructure and services, this role will work with others on the team to identify areas where automation could benefit the cloud security posture.
  • The information security team plays an integral role in securing all of RAND's information systems by setting and verifying security and policy requirements.
  • Additionally, RAND's information security professionals have the unique experience of being able to work with RAND's cyber policy researchers in support of their policy analysis on emerging cyber threats on ransomware, autonomous vehicles, health care services, critical infrastructure, and our national security capabilities.

DUTIES AND RESPONSIBILITIES AND OTHER SUCCESS CRITERIA

The following duties and responsibilities are expected of the position:
  • Develop automated orchestration routines to ensure ongoing protection of cloud services,
  • Design and develop solutions to integrate systems across the network to improve interoperation as well as to continuously verify systems configuration against baselines,
  • Identify, select, and deploy emerging cloud and hybrid cloud security services across RAND's cloud services,
  • Diagnose and troubleshoot cyber-related network and system performance deficiencies,
  • Contribute to the development and maturation of the cybersecurity strategy and roadmap,
  • Apply engineering principles to the management of RAND's cyber infrastructure services,
  • Work with all of RAND's software and web development teams to ensure sound security practices are followed and security is designed and built into the applications from the ground up,
  • Take initiative and full responsibility for leading technology deliverables, analyzing gaps and driving improvements to RAND's cyber-deterrence capabilities,
  • Provide input to security policies and standards in accordance with changes in regulations, best practices, industry trends or controls required by RAND contracts and grants.
  • Experience with relational and NoSQL database technologies
  • Experience with C/C#, web frameworks (e.g., Django, Flask or React), Java, JavaScript, Python, Docker and other abstraction and containerization technologies
  • Experience designing, implementing, and maintaining cybersecurity configurations in network, boundary appliances or application services
  • Some experience working with leading SaaS platform APIs such as Workday, Salesforce or Office 365

MINIMUM QUALIFICATIONS
  • A minimum of 5 years' experience in engineering and cyber deterrence with 3 years' experience in software engineering with languages such as JavaScript and Python
  • A minimum of 3 years' experience with at least one of AWS, Azure or GCP
  • Cloud orchestration technologies such as AWS CloudFormation, Azure Kubernetes, and Durable Orchestration
  • Hybrid cloud security platforms such as Armor Anywhere and Cloudvisory
  • Secure coding standards including OWASP
  • Securely managing credentials and secrets for general coding and cloud APIs
  • Cyber forensics - conducting cyber investigations and diagnosing indicators of compromise
  • Proficiency with infrastructure as code, configuration management and version control systems
  • Requirements definition, gap analysis and technology assessment and selection
  • Industry engagement - ND-ISAC, RSA, Black Hat and others
  • Understanding of capabilities central to securing enterprise networks including endpoint protection, detection and response services, network intrusion detection and prevention systems, behavior-based malware detection, and memory forensics

Stand-out qualifications that would put you ahead of other candidates
  • Lead developer responsible for the full stack development of a multitier application responsible for auditing, ensuring compliance or assisting with threat hunting on a network
  • Developed a cyber solution that applied machine learning techniques to advance network security, visibility, or adherence to the security governance

EDUCATION AND CERTIFICATIONS
  • A Bachelor's Degree in Computer Science or equivalent field of study
  • One or more IT and Cyber Security certifications such as AWS Certified Security, Azure Security Engineer Associate, CSK, CCSP, CISSP, CISA, GCSA, and Security+

CLEARANCE REQUIREMENTS

The selected individual must have the ability to obtain and maintain at least a DoD Secret clearance and/or DHS Fitness designation.

LOCATION

This position may offer a 100% remote work arrangement.

Equal Opportunity Employer: race/color/religion/sex/sexual orientation/gender identity/national origin/disability/vet