Northramp is looking for a smart, creative Cloud Security Engineer interested in helping build something truly unique in our markets. For this project, you and your team will secure and enhance an enterprise platform that improves the digital healthcare experiences for millions of Americans.

You will be part of a multi-disciplinary, agile foundational components team that is tasked with improving DevSecOps practices for modernizing enterprise government systems in healthcare. We strive to automate all the things and build the highest quality secure systems with modern, cloud-native tools and emerging technologies. This team acts as consultants, advisors, and implementers to assist those program teams to improve in security, stability, reliability, scalability, usability, quality, and efficiency. The project work is primarily remote but may require some client on-site work estimated at <10%.

  • Consult with and advise security engineers on the client program teams on security best practices.
  • Develop and enhance tools to extract metrics about the security posture of the program.
  • Run different security scans as needed.
  • Perform security code reviews and pair with teammates to ensure security best practices are followed throughout the entire development lifecycle.
  • Contribute to the design and architecture of software and infrastructure to ensure projects meet goals for security, scalability, maintainability, availability, and resiliency, and clearly articulate and present the implications of design/architectural decisions, issues, and plans to leadership.
  • Facilitate technical designs, architecture and planning.
  • Embrace and enhance agile engineering practices such as delivering small narrow slices of functionality, Test Driven Development, Continuous Integration/Continuous Deployment, and Infrastructure as Code.
  • Swarm and pair with your team to design, code, test, debug, deploy and document secure software and infrastructure.
  • Provide expert troubleshooting services and support product development and data teams as a diagnostic expert to understand and document incident root causes.
  • Although you are a member of the foundational components team, you may work directly with other development teams as an “Embedded Liaison”. In this case, some of your time will be spent with your other team as a Liaison, while the rest is spent working with the foundational components team to build tools and solutions.
  • In addition, you will work with other security engineers across the team on larger security initiatives to support the entire division.


Required Qualifications

  • Extensive experience in Information Security, Cloud and Operations Security, Application Security, Threat Modeling and Risk Identification, Security Controls and Compliance, Pen testing, Dynamic and Static Scanning Tools.
  • The ability to facilitate the identification of relevant application security threats (Threat Modeling in particular) and to establish appropriate security control requirements and test plans.
  • Fluency with agile methods including Scrum.
  • Ability to write tested high-quality code efficiently
  • Demonstrated success in building design patterns and software engineering best practices
  • Experience with tools such as AWS Trusted Advisor and dynamic and static scanner analysis for heterogeneous code bases.
  • The ability to ensure that software and infrastructure is architected, designed, and implemented to avoid security-related logic flaws and other adverse security consequences.
  • Strong familiarity with OWASP Top 10 and ASVS, and the ability to train other engineers in the identification and remediation of application vulnerabilities.
  • The ability to provide guidance to other engineers on the appropriate selection and implementation of relevant application security controls.
  • Security and privacy know-how sufficient to apply NIST RMF (800-43 rev 4) in application design and implementation
  • Application and understanding of assessing and remediating STIG operating system and application baselines
  • Strong core Linux networking, shell scripting and administration skills
  • Knowledge and experience with several of the following:
    • Engineering experience with Python, JavaScript, Java and Terraform
    • Experience with tools supporting DevSecOps and Continuous Delivery
  • Experience with Security Tools including: ZAP, Burp Suite, SonarCloud/SonarQube, Snyk, Nessus, SSL analysis tools, Packet analysis tools and AWS Security Hub.
  • A Bachelor’s degree (or higher) in Computer Science or a related field or equivalent experience
  • 6+ years of experience


Clearance

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Federal COVID-19 Vaccine Mandate

Based on the federal COVID-19 vaccine mandate posted on covered contractors, candidates must have received or be willing to receive the COVID-19 vaccination to be considered. Proof of vaccination is required. Medical and/or religious exemption requests will be considered. We will make a determination on your request for reasonable accommodation on a case-by-case basis.

About Northramp

At Northramp, our passion, our true north, is to help our clients cut through the fog and obtain technical and operational clarity to help them make the most significant impact possible. Focused like a laser on driving value for our clients, Northramp specializes in helping public and private sector clients streamline their IT operations, improve their technical services, and drive greater returns from IT investments.

If you are interested in learning more about Northramp, please visit our website at https://www.northramp.com.

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

Reasonable Accommodation Requests

Northramp is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail PeopleOPS@northramp.com or call: 703-772-5588 - Northramp Human Resources. We will make a determination on your request for reasonable accommodation on a case-by-case basis.

EEO is the Law

The law requires Northramp to post a notice describing the Federal laws prohibiting job discrimination. For information regarding your legal rights and protections, please click on the following link: EEO is the Law and EEO is the Law Supplement.

Pay Transparency Non-Discrimination

Northramp will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.

E-Verify

As a Federal Contractor, Northramp is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: E-Verify.


This position has been filled.