This role is open for applications until Wednesday, February 1, 2023 at 11:59PM EDT.
Login.gov is hiring for the role of GS-15 Login.gov Security Engineer Tech Expert - Security Operations. There are several Login.gov teams hiring for this role. This page contains a summary of the Login.gov Security Engineer Tech Expert - Security Operations role. More details are available on the main Login.gov Security Engineer Technical Expert GS15 posting.
As a GS-15 security operations expert, you will report to Login.gov’s security branch chief. In this fully remote position, you will work closely with Login.gov’s product and platform teams to improve Login.gov’s security operations. You will play a key role in helping Login.gov’s security team implement best practices to improve Login.gov’s infrastructure and security posture. You will provide strategic guidance to Login.gov’s leadership team, provide feedback on security program objectives, and lead improvements to Login.gov’s cybersecurity practice.
Objective #1: Contribute to Login.gov’s Cybersecurity Practice
Contribute to security activities such as incident response wargames, infrastructure change review, or static and dynamic code scans and analysis.
Improve Software as a Service security controls (e.g., continuous monitoring, logging, incident response, auditing, forensics, access management).
Improve Login.gov’s SecOps practices, platform observability, or tooling.
Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to build and implement security in an open source, live services environment.
Collaborate with User Experience, Infrastructure, and Application Developer Engineers to ensure changes to Login.gov’s product or infrastructure do not negatively impact security.
Objective #2: Provide subject matter expertise on cybersecurity practices to Login.gov Leadership
Provide guidance on industry standards (e.g., NIST 800 series) and best practices to product managers and application developers
Develop standard operating procedures that improve Login.gov’s cybersecurity posture.
Collaborate with site reliability engineers to enhance cloud platform security engineering practices.
Improve Login.gov’s security operations via automation.
Communicate with internal and external partners to share Login.gov’s security posture, risk, and operational processes.
Contribute to security program goal setting and roadmapping activities.
Objective #3: Ensure Login.gov maintains its FedRAMP authorization
Maintain systems that comply with NIST-800-53 controls.
Develop and maintain artifacts for cybersecurity assessments
Participate in technical interviews for cybersecurity assessments
Prepare application developers, site reliability engineers, or platform engineers for technical assessment interviews
Propose changes to Login.gov development and site reliability engineering practices to better support automated compliance
Objective #4: Collaborate effectively on distributed, agile teams
Share knowledge and work collaboratively to integrate anti-identity fraud principles into product and engineering practices.
Participate in regular retrospectives and provide feedback to help improve the way the team works.
Promote a work environment of respect, diversity, equity, inclusion, accessibility, mutual support, continuous learning, and commitment to customer / partner needs.