Login.gov Security Engineer Tech Expert - Purple Team
This role is open for applications until Wednesday, February 1, 2023 at 11:59PM EDT.
Login.gov is hiring for the role of GS-15 Login.gov Security Engineer Tech Expert - Purple Team. There are several Login.gov teams hiring for this role. This page contains a summary of the Login.gov Security Engineer Tech Expert - Purple Team role. More details are available on the main Login.gov Security Engineer Technical Expert GS15 posting.
As a purple team technical expert, you will report to Login.gov’s security branch chief. In this fully remote position, you will work closely with Login.gov’s product and platform teams to improve Login.gov’s defensive capabilities. You will provide strategic guidance to Login.gov’s leadership team to set objectives for Login.gov’s security program. You will research emerging threats, build threat models, conduct threat hunts, and plan and execute purple team engagements.
If you have a passion for building a cybersecurity practice that considers the perspective of attackers and defenders, then this role will be a great fit for you.
Objective #1: Contribute to Login.gov’s Cybersecurity Practice
Conduct dynamic testing with tools such as BurpSuite, Zed Attack Proxy, etc.
Conduct threat hunts.
Identify and assess vulnerabilities associated with Login.gov’s application and cloud platform.
Develop threat models and build attack simulations and/or tactics, techniques, and procedures
Plan and execute purple team engagements throughout the product development lifecycle
Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to build and implement security in an open source, live services environment
Collaborate with User Experience, Infrastructure, and Application Developer Engineers to ensure changes to Login.gov’s product or infrastructure do not negatively impact security
Objective #2: Provide subject matter expertise on cybersecurity practices to Login.gov Leadership
Provide guidance on industry standards (e.g., NIST 800 series) and best practices to product managers and application developers
Develop standard operating procedures that improve Login.gov’s cybersecurity posture.
Collaborate with site reliability engineers to enhance cloud platform security engineering practices.
Improve Login.gov’s security operations via automation.
Communicate with internal and external partners to share Login.gov’s security posture, risk, and operational processes.
Contribute to security program goal setting and roadmapping activities.
Objective #3: Ensure Login.gov maintains its FedRAMP authorization
Maintain systems that comply with NIST-800-53 controls.
Develop and maintain artifacts for cybersecurity assessments
Participate in technical interviews for cybersecurity assessments
Prepare application developers, site reliability engineers, or platform engineers for technical assessment interviews
Propose changes to Login.gov development and site reliability engineering practices to better support automated compliance
Objective #4: Collaborate effectively on distributed, agile teams
Share knowledge and work collaboratively to integrate anti-identity fraud principles into product and engineering practices.
Participate in regular retrospectives and provide feedback to help improve the way the team works.
Promote a work environment of respect, diversity, equity, inclusion, accessibility, mutual support, continuous learning, and commitment to customer / partner needs.