As a security analyst technical expert, you will report to Login.gov’s security branch chief. In this fully remote position, you will work closely with Login.gov’s product and platform teams to improve Login.gov’s defensive capabilities. You will play a key role in helping Login.gov’s security team implement best practices to protect user data, secure Login.gov’s application and infrastructure, and combat fraud and abuse. You will provide strategic guidance to Login.gov’s leadership team, provide feedback on security program objectives, and lead improvements to Login.gov’s cybersecurity practice.
Objective #1: Contribute to Login.gov’s Cybersecurity Practice
Contribute to vulnerability testing and analysis, incident response and analysis, alert response and analysis activities.
Conduct data analytics activities to support monitoring, detecting, defending against, or responding to security incidents.
Automate data analytics or security processes by using object-oriented languages (e.g., Python).
Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to build and implement security in an open source, live services environment.
Collaborate with User Experience, Infrastructure, and Application Developer Engineers to ensure changes to Login.gov’s product or infrastructure do not negatively impact security.
Objective #2: Provide subject matter expertise on cybersecurity practices to Login.gov Leadership
Provide guidance on industry standards (e.g., NIST 800 series) and best practices to product managers and application developers
Develop standard operating procedures that improve Login.gov’s cybersecurity posture.
Collaborate with site reliability engineers to enhance cloud platform security engineering practices.
Improve Login.gov’s security operations via automation.
Communicate with internal and external partners to share Login.gov’s security posture, risk, and operational processes.
Contribute to security program goal setting and roadmapping activities.
Objective #3: Ensure Login.gov maintains its FedRAMP authorization
Maintain systems that comply with NIST-800-53 controls.
Develop and maintain artifacts for cybersecurity assessments
Participate in technical interviews for cybersecurity assessments
Prepare application developers, site reliability engineers, or platform engineers for technical assessment interviews
Propose changes to Login.gov development and site reliability engineering practices to better support automated compliance
Objective #4: Collaborate effectively on distributed, agile teams
Share knowledge and work collaboratively to integrate anti-identity fraud principles into product and engineering practices.
Participate in regular retrospectives and provide feedback to help improve the way the team works.
Promote a work environment of respect, diversity, equity, inclusion, accessibility, mutual support, continuous learning, and commitment to customer / partner needs.