Zantech

Security Specialist – Application Security Lead

full-time

Location Type: Hybrid

Location: Camp Springs, Maryland, United States

About the role

  • Provides expert application security leadership, ensuring secure software delivery through integrated security controls, vulnerability management, and Zero Trust architecture implementation
  • Leads Security Engineers and Security Champions in embedding security throughout the software development lifecycle
  • Collaborates with the DevSecOps Lead to implement automated security testing in CI/CD pipelines
  • Establishes and maintains application security standards and best practices for USCIS OIT
  • Defines security controls and gates for integration within CI/CD pipelines
  • Designs Zero Trust architecture implementations covering identity, workload, network, and data protection
  • Leads integration of SAST and DAST tools
  • Implements container security scanning and vulnerability management (Aqua Security, Snyk)
  • Establishes Infrastructure as Code (IaC) security scanning and policy enforcement
  • Integrates secrets management (HashiCorp Vault) and secure credential handling
  • Identifies threats and measures potential vulnerabilities in systems, applications, and services
  • Conducts security assessments and coordinates penetration testing
  • Implements Zero Trust principles across the Applications and Workloads realm
  • Designs and validates identity-based access controls (Okta, AWS IAM)
  • Implements policy-as-code using Open Policy Agent (OPA)
  • Automates enforcement of security and compliance controls

Requirements

  • Minimum 10 years of IT engineering experience
  • Minimum 5 years in DevSecOps, DevOps, or Platform Engineering roles
  • Minimum 3 years of federal government experience, preferably DHS or civilian agencies
  • Demonstrated experience designing and implementing enterprise CI/CD solutions
  • Experience with cloud-native application development and deployment
  • Track record of successful DevSecOps transformations in complex enterprise environments
  • Expert-level knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, or similar)
  • Deep expertise with container orchestration platforms (Kubernetes, OpenShift, EKS, ECS)
  • Advanced proficiency with Infrastructure-as-Code tools (Terraform, CloudFormation, Ansible)
  • Strong scripting abilities (Python, Bash, PowerShell, Go)
  • Extensive experience with AWS cloud services (EC2, S3, Lambda, RDS, VPC, IAM, etc.)
  • Expert knowledge of Git workflows and version control strategies
  • Proficiency with security scanning tools (SonarQube, Veracode, Checkmarx, Twistlock, Aqua)
  • Experience with monitoring and observability tools (Prometheus, Grafana, ELK Stack, Datadog, Splunk)

Benefits

  • Competitive compensation
  • Strong benefits
  • Vacation package
  • Fast-paced and exciting work environment

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application security, vulnerability management, Zero Trust architecture, automated security testing, CI/CD pipelines, SAST tools, DAST tools, container security scanning, Infrastructure as Code (IaC), policy-as-code

Soft Skills

leadership, collaboration, communication, problem-solving, analytical thinking