SAIC has an opening for a Cyber Security DevSecOps Specialist. This position can be worked 100% remote nationwide. We are seeking a Senior Principal to support an Artificial Intelligence development environment in the highly regulated Government environment. This position will report to the Cyber Security Engineering Sr Manager. This role is a key business enabler to provide information security risk analysis and strategic recommendations for a current AI development project for a wholly owned subsidiary of SAIC. The candidate should have deep cyber, secure development, and governmental security experience and knowledge. Develops and implements security controls and formulates operational risk mitigations in FedRAMP cloud environments. Involved in a wide range of security decisions for an ongoing development project. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy and ensures these technologies meet current NIST 800-171 and CMMC requirements.
- Play a key role in the overall security system design of a large-scale AGILE development project.
- Provide Cyber guidance to a secure development team developing solutions for classified and unclassified government network environments.
- Guide the implementation of the required government policy (i.e. NIST SP 171, CMMC, FedRAMP) and make recommendations on process tailoring as it applies to product development.
- Maintain and enhance the standing security systems, deploy new security capabilities and provide security engineering services to non-security specific IT efforts.
- Secure coding implementation and guidance of a development team. Implement secure coding gates and processes into an AGILE development team's processes.
- Develops advanced technological ideas and guides their development into a final product. Erroneous decisions or recommendations would typically result in failure to achieve critical organizational objectives and affect the image of the organization's technological capability.
- Participates with senior managers to establish strategic plans and objectives. Recommends/makes decisions on administrative or project work matters and ensures effective achievement of program, project, or organizational objectives.
- Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
- Maintain roadmaps, which include product selection, versions, upgrades, projects and milestones.
Bachelors and 14+ years of experience; Masters and 12+ years of experience; PhD or JD and 9+ years of experience.
- Experience with Continuous Integration and Continuous Delivery pipelines (CI/CD).
- Ability to meaningfully participate in code reviews and provide security guidance to software development teams.
- Experience with automated software security testing methodologies (SAST/DAST/SCA).
- Familiarity with microservice architectures and cloud-native technologies.
- Secure Software Lifecycle Professional Certification such as ISC2 CSSLP.
- Experience with Public Cloud Platforms Architecture and Deployment (AWS, Azure, GCP) configuration and administration of security features & services.
- Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required.
- Ability to effectively manage many different tasks simultaneously.
- Excellent written and communication skills.
- Maintain up-to-date detailed knowledge of the IT industry as it relates to the technologies identified as primary responsibilities including awareness of new or revised solutions and improved processes.
- Basic knowledge of Security Standards/Controls specified under various IT governance and compliance models (NIST, HIPAA, PCI, GDPR, ISO 27001/27002).
- Possession of industry certifications highly preferred. Including, but not limited to, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Global Information Assurance Certification (GIAC).
- Demonstrated ability to work in a fast-paced, deadline driven environment.
- Demonstrated excellence in a variety of competencies including teamwork/collaboration, analytical thinking, communication and influencing skills, and technical expertise.
Target salary range: $165,001 - $175,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.