Cloud Security Engineer

Job Locations: US-DC
Job ID: 2024-3730
# of Openings: 1
Category: *Technical Consulting

Overview

Acuity is seeking a Cloud (Agnostic) Security Engineer to support the Application Vulnerability Assessment Program in Diplomatic Technology.  This individual will work in a team environment to set up and maintain environments used for web and static code analysis and development vulnerability scanning across multiple cloud environments.

 

This is a hybrid position working onsite one day a week in Washington, DC.

Responsibilities

  • Strong understanding of DevSecOps tools and processes and OWASP top risks and mitigations.
  • Conduct security scans and use vulnerability scanning tools such as Fortify, GitLab, GitHub and/or SonarQube.
  • Review and validate outputs of code scans to assist customers in identifying true positives and provide appropriate remediation guidance.
  • Install, configure, operate and monitor CI/CD pipeline tools.
  • Develop and maintain Windows-based scripts for automated tasks such as regular upgrades, deployments, and maintenance.
  • Knowledge of NIST's Secure Software Development Framework and how code scanning tools align.
  • Troubleshoot both frequent and infrequent technical issues related to CI/CD pipeline run errors via log analysis, identify the root cause, and provide timely resolution.
  • Apply strong technical writing skills to ensure infrastructure is well-documented and processes are repeatable by writing SOPs.

Qualifications

  • Bachelor's Degree with experience in a related Information Technology field.
  • Programming/scripting experience in Python/PowerShell to design and implement automation to streamline processes.
  • Solid understanding of other core programming languages such as C#/.NET, Java, Node.js, PHP, etc. to aid in troubleshooting of customer CI/CD pipelines.
  • Proven experience using vulnerability scanning tools such as Fortify, GitLab, GitHub and/or SonarQube.
  • Previous work writing/developing CI/CD pipelines using YAML, maintaining/configuring build agents, and generating documentation and statements of procedures for these processes.
  • Experience integrating static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and other application security tools (e.g., IaC scanning, container security) into CI/CD pipelines to automate security testing.

 Clearance Requirement:

  • MUST have an active Top Secret security clearance.

 

About Acuity Inc:

Acuity is a leading management and technology consulting firm that specializes in serving the federal government. Our innovative, collaborative and rewarding work environment has earned repeat honors from the Washington Business Journal’s Best Places to Work and SmartCEO Corporate Culture awards. 

 

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.

 

© Acuity INC; 11710 Plaza America Drive; Suite 700; Reston, VA 20190; USA

 
