
Upcoming role

This role is not yet open for application. If you would like to learn more or if you'd like to be notified when the application is open, please sign up to join our mailing list.

Login.gov - Security Ops Engineer

Login.gov will soon be accepting applications for a GS-15 - Security Ops Engineer.

Applications will be open for submission on TBD. Check out Join TTS Hiring Process to learn more about the application process.

Locations: Washington, DC; San Francisco, CA; Chicago, IL; New York, NY; Virtual (100% remote)

Salary Range: The base salary range for this position is: GS-15 Step 1 - $106,595 to GS-15 Step 10 - $138,572

Please note the maximum salary available for the GS pay system is $166,500.

The base salary range does not include any adjustment for locality. Your locality is most likely going to be determined by where you live since most of our positions are remote. If the position isn’t remote, then your locality will be determined by the location of the office where the position is based.

You can find more information about this in the compensation and benefits section on our site.

For specific details on locality pay, please visit OPM’s Salaries & Wages page or, for a salary calculator, OPM’s 2019 General Schedule (GS) Salary Calculator.

Who May Apply: All United States citizens and nationals (residents of American Samoa and Swains Island). Applicants must not be GSA employees or contractors.

Role Summary:

Security Ops Engineer - GS-15

Login.gov gives the public simple, secure access to multiple government services through one verified account. Login.gov has over 10 million users and is growing the team as we scale quickly.

Login.gov is looking for qualified engineers to join our product team. We care deeply about providing the best possible experience to anyone using government digital services and we are committed to making the process easy while combating fraud and abuse of government systems. A qualified candidate is ready to quickly jump in and help in a number of areas: using security best practices and encryption to protect user data, improving the security of the application and its underlying infrastructure, using data and analytics to improve the platform and fight fraud, building in support for many multi-factor authentication options including WebAuthn and PKI Authentication, providing the best possible identity verification experience, and generally improving the overall user experience.

The Security Ops Engineer role on the Login.gov team is perfect for you if you are a DevOps engineer who also practices the art of security with a passion for cybersecurity and a sound awareness of the latest threats and trends.

The Login.gov team operates like a startup within the government, working in the open as a distributed, agile team. The core product is open source, hosted in modern cloud infrastructure, and built for scale. Tens of millions of people have Login.gov accounts, and we aim to be the preferred entrypoint for all government digital services. Our users include people accessing benefits, applying for government jobs, serving in the military, and collecting funds awarded through grant programs.

As part of the Login.gov engineering team, you will play a key role in making government services more secure and accessible to the public.

Key Objectives

Objective #1: Operate within Cloud Services, ensuring security of sensitive data.

  • Guide and perform security activities including vulnerability testing and analysis, code review, static and dynamic code testing, ethical hacking and business logic exploit testing
  • Implement automation framework within cloud computing infrastructure around security events
  • Automate infrastructure security testing and penetration testing
  • Identify, analyze and correct security related issues within an open source, live services environment

Objective #2: Collaborate effectively on a distributed, agile team.

  • Work within a distributed, multidisciplinary agile team by participating in constructive discussions, openly sharing knowledge, and demonstrating value for technical and non-technical contributions
  • Demonstrate a strong understanding of the elements of agile methodology (scrum, kanban, and so on)
  • Work alongside DevOps Engineers to ensure that security vulnerabilities are assessed and fixed during development
  • Peer review code submitted by team members in a fair and respectful manner and have your own code peer reviewed by team members
  • Participate in regular retrospectives and provide feedback to help improve the way the team works
  • Take on self-guided initiatives that may be experimental in nature
  • Support a safe, inclusive workplace and a positive team culture where all team members value diversity and individual differences

Objective #3: Participate in decision-making that leads to a platform with the right balance of security and usability for end-users and integrating partners.

  • Provide perspective and expertise to help make product decisions
  • Contribute to building the product roadmap
  • Develop creative approaches to solve difficult problems with many constraints and competing interests
  • Interact with agency partners & lead partner engagements
  • Prioritize available work and direct effort towards the highest value goals

Application Evaluation

The information in this section outlines the criteria that your application will be evaluated against to determine if you meet the Qualifications for the position. There are two very important things to note about this step in the process:

  1. Only applications found “minimally qualified” are shared with the hiring manager, and only those candidates are eligible to be interviewed.
  2. The Minimum Qualification determination can only be made using the information that’s directly within your resume and directly associated with your listed work experience.
    • Examples of stuff that can’t be used:
      • Links to portfolios or other external materials (Yes, the links themselves may be “directly” on the resume but the information is not).
      • Information you include in cover letters, responses to questions, etc. as these are not directly associated with your work experience
      • Lists of tools, technologies, programming languages, etc. that are listed separately from your work experience

The Qualification process is a bureaucratic requirement that we are stuck with. It’s best to think about it as the most intense and rigorous resume review you’ve ever heard of. To get through this process you need to make sure your resume directly reflects the Qualifications listed below. We also have more guidance on creating a federal style resume on Join TTS Hiring Process.

Qualifications

All applications will be reviewed by a panel of subject matter experts against a scoring rubric created for this role. In order to properly evaluate your previous experience, we recommend being as detailed as possible in your resume and following our general guidance on creating a federal style resume.

To qualify for this role, you must have one year of specialized experience equivalent to the GS-14 in the Federal service. Specialized experience is:

  1. Experience being a part of a team to deliver digital products or services. This experience must include ALL of the following:
    • Delivering tools and measures to address new security threats
    • Experience in DevOps practices
    • Experience in Security Operations Center practices
  2. Experience providing technical expertise on projects or initiatives to deliver digital products or services. This experience must include ONE of the following:
    • Making architectural decisions that improve the security of software and underlying services
    • Leading security incident response
    • Leading efforts to support governance, risk management and compliance activities
  3. Experience deploying or securing a cloud infrastructure or platform. This experience must include TWO of the following:
    • Using a cloud computing platform
    • Using cloud computing infrastructure
    • Using integration or continuous deployment tools
    • Using infrastructure security monitoring tooling
    • Using infrastructure security vulnerability detection tooling
    • Developing and using software in a cloud and security services ecosystem

Qualification determinations cannot be made when resumes do not include the required information, so failure to provide this information may result in disqualification.

For each job on your resume, provide:

  • the exact dates you held each job (from month/year to month/year or “present”)
  • number of hours per week you worked (if part time)

How To Apply

If you would like to learn more or if you’d like to be notified when the application is open, please sign up to join our mailing list.