Lead Security Engineer
Company: IT Accel, Inc.
Location: Mount Laurel, NJ 08054
Description:
This role involves defining a strategic roadmap for compliance validation in line with Enterprise Protect guidelines. The position primarily focuses on projects and products, leading the validation of requirements and specifications at both high and low levels.
The role includes maintaining a framework or solution that supports efficient, reliable, scalable, and secure solutions to meet business security needs and technology strategies. This entails planning, evaluating, recommending, and implementing security checks across platforms like Azure, GCP, AWS, and within CI/CD pipelines.
Qualifications
- At least 15 years of experience in IT
- Minimum of 2 years in a leadership position
- Familiarity with the Risk Management Framework (RMF) and its implementation across various phases of large programs
- Understanding of security standards and frameworks, rules, regulations, and system trust principles such as FedRAMP, FIPS, STIGs, NIST SP 800 Series
- Strong analytical and problem-solving skills with clear and effective communication abilities
- Change-oriented mindset with a focus on generating process improvements and driving change initiatives
- Experience with the system authorization process and related artifacts (e.g., SSP, SCTM, Security CONOPs, SOPs)
Responsibilities
- Assess DevOps implementation for assigned programs to ensure compliance with client standards
- Provide leadership to software developers for maintaining compliance with requirements
- Oversee the development of CI/CD pipelines within a software development environment utilizing tools such as GitHub, Jira, Aqua, Wiz.io, Azure Policy, and GCP Org Policy
- Recommend integrated security solutions for multiple classified information systems
- Offer systems engineering and integration support for newly developed capabilities aimed at Test, Staging, and Operational environments
- Facilitate the creation, documentation, and presentation of information system security education, awareness, and training activities
- Ensure system security measures align with applicable policies, provide configuration management, and accurately assess the impact of modifications and vulnerabilities
- Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, ensuring all security features are implemented and functional