Login.gov Security Engineer Tech Expert - Analyst

Login.gov is hiring for the role of GS-15 Security Engineer Tech Expert - Analyst. There are several Login.gov teams hiring for this role. This page contains a summary of the Login.gov Security Engineer Tech Expert - Analyst role. More details are available on the main Login.gov Security Engineer Technical Expert GS15 posting.

Role summary

As a security analyst technical expert, you will report to Login.gov’s security branch chief. In this fully remote position, you will work closely with Login.gov’s product and platform teams to improve Login.gov’s defensive capabilities. You will play a key role in helping Login.gov’s security team implement best practices to protect user data, secure Login.gov’s application and infrastructure, and combat fraud and abuse. You will provide strategic guidance to Login.gov’s leadership team, provide feedback on security program objectives, and lead improvements to Login.gov’s cybersecurity practice.

Key objectives

Objective #1: Contribute to Login.gov’s Cybersecurity Practice

• Contribute to vulnerability testing and analysis, incident response and analysis, alert response and analysis activities.
• Conduct data analytics activities to support monitoring, detecting, defending against, or responding to security incidents.
• Automate data analytics or security processes by using object-oriented languages (e.g., Python).
• Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to build and implement security in an open source, live services environment.
• Collaborate with User Experience, Infrastructure, and Application Developer Engineers to ensure changes to Login.gov’s product or infrastructure do not negatively impact security.

Objective #2: Provide subject matter expertise on cybersecurity practices to Login.gov Leadership

• Provide guidance on industry standards (e.g., NIST 800 series) and best practices to product managers and application developers
• Develop standard operating procedures that improve Login.gov’s cybersecurity posture.
• Collaborate with site reliability engineers to enhance cloud platform security engineering practices.
• Improve Login.gov’s security operations via automation.
• Communicate with internal and external partners to share Login.gov’s security posture, risk, and operational processes.
• Contribute to security program goal setting and roadmapping activities.

Objective #3: Ensure Login.gov maintains its FedRAMP authorization

• Maintain systems that comply with NIST-800-53 controls.
• Develop and maintain artifacts for cybersecurity assessments
• Participate in technical interviews for cybersecurity assessments
• Prepare application developers, site reliability engineers, or platform engineers for technical assessment interviews
• Propose changes to Login.gov development and site reliability engineering practices to better support automated compliance

Objective #4: Collaborate effectively on distributed, agile teams

• Share knowledge and work collaboratively to integrate anti-identity fraud principles into product and engineering practices.
• Participate in regular retrospectives and provide feedback to help improve the way the team works.
• Promote a work environment of respect, diversity, equity, inclusion, accessibility, mutual support, continuous learning, and commitment to customer / partner needs.

Preparing to apply

This Join TTS site has information about the application process and how to prepare a government-style resume.