• Security Specialist / Application Security Lead

    Zantech (MD)


    Are you looking for your next challenge? Are you ready to work with a performance-based small company? At Zantech, we are a dynamic Woman Owned Small Business focused on providing complex, mission-focused solutions with a proven track record of outstanding customer performance and high employee satisfaction. We would love to talk with you regarding the next step in your career. Come join our team!

     

    Zantech is looking for a talented Security Specialist / Application Security Lead to contribute to the success of our upcoming Applied and Emerging Technology Support project for a Hybrid role based out of Camp Springs, MD.

     

    The Security Specialist / Application Security Lead provides expert application security leadership, ensuring secure software delivery through integrated security controls, vulnerability management, and Zero Trust architecture implementation. This role leads Security Engineers and Security Champions in embedding security throughout the software development lifecycle and collaborates with the DevSecOps Lead to implement automated security testing in CI/CD pipelines.

    Responsibilities include, but will not be limited to:

    + Application Security Strategy & Architecture

    + Establish and maintain application security standards and best practices for USCIS OIT

    + Define security controls and gates for integration within CI/CD pipelines

    + Design Zero Trust architecture implementations covering identity, workload, network, and data protection

    + Security Integration in CI/CD Pipelines

    + Lead integration of SAST and DAST tools

    + Implement container security scanning and vulnerability management (Aqua Security, Snyk)

    + Establish Infrastructure as Code (IaC) security scanning and policy enforcement

    + Integrate secrets management (HashiCorp Vault) and secure credential handling

    + Vulnerability Management & Threat Assessment

    + Identify threats and measure potential vulnerabilities in systems, applications, and services

    + Conduct security assessments and coordinate penetration testing

    + Track vulnerability remediation SLAs and metrics

    + Zero Trust Architecture Implementation

    + Implement Zero Trust principles across Applications and Workloads realm

    + Design and validate identity-based access controls (Okta, AWS IAM)

    + Establish micro-segmentation and workload isolation patterns

    + Policy-as-Code & Compliance Automation

    + Implement policy-as-code using Open Policy Agent (OPA)

    + Automate enforcement of security and compliance controls

    + Support ATO/Continuous Authorization processes with automated security control validation

    Required Experience or Knowledge of the following technologies/functions:

    Experience:

    + Minimum 10 years of IT engineering experience

    + Minimum 5 years in DevSecOps, DevOps, or Platform Engineering roles

    + Minimum 3 years of federal government experience, preferably DHS or civilian agencies

    + Demonstrated experience designing and implementing enterprise CI/CD solutions

    + Experience with cloud-native application development and deployment

    + Track record of successful DevSecOps transformations in complex enterprise environments

    Technical Skills (Required):

    + Expert-level knowledge of CI/CD tools (Jenkins, GitLab CI/CD, GitHub Actions, or similar)

    + Deep expertise with container orchestration platforms (Kubernetes, OpenShift, EKS, ECS)

    + Advanced proficiency with Infrastructure-as-Code tools (Terraform, CloudFormation, Ansible)

    + Strong scripting abilities (Python, Bash, PowerShell, Go)

    + Extensive experience with AWS cloud services (EC2, S3, Lambda, RDS, VPC, IAM, etc.)

    + Expert knowledge of Git workflows and version control strategies

    + Proficiency with security scanning tools (SonarQube, Veracode, Checkmarx, Twistlock, Aqua)

    + Experience with monitoring and observability tools (Prometheus, Grafana, ELK Stack, Datadog, Splunk)

    Technical Skills (Highly Desired):

    + Experience with service mesh technologies (Istio, Linkerd)

    + Knowledge of policy-as-code tools (OPA, Kyverno, Sentinel)

    + Familiarity with Backstage.io (especially relevant for USCIS Backstage)

    + Experience with API gateway and management solutions

    + Knowledge of secrets management tools (Vault, AWS Secrets Manager)

    + Understanding of software bill of materials (SBOM) and supply chain security

    Federal & DHS-Specific Knowledge:

    + Understanding of Zero Trust Architecture principles and implementation

    + Knowledge of FedRAMP, FISMA, and NIST frameworks (800-53, 800-171)

    + Familiarity with DHS security requirements and authorization processes

    + Understanding of Section 508 compliance requirements

    + Experience with AWS GovCloud and FedRAMP-authorized services

    + Knowledge of continuous ATO (cATO) processes

    Technical Skills:

    + Expert: SAST/DAST tools (Checkmarx, Fortify, SonarQube, Burp Suite, OWASP ZAP)

    + Expert: Container scanning (Aqua Security, Snyk, Twistlock)

    + Expert: AWS Security services (Security Hub, GuardDuty, Config, IAM)

    + Proficient: Open Policy Agent, HashiCorp Vault, Okta

    + Proficient: Kubernetes security, Zero Trust architecture

    + Knowledge: NIST 800-53, OWASP Top 10, FedRAMP

    Preferred Experience or Knowledge of the following technologies/functions:

    USCIS-Specific Experience (Highly Desired):

    + Experience with DHS or USCIS security requirements and controls

    + Hands-on experience with DHS security authorization processes (ATO/Continuous Authorization)

    + Understanding of immigration data sensitivity and PII protection requirements

    Required Education/Certifications:

    + Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, or related field

    + Master's degree preferred

    + Certifications (Recommended - Minimum 1)

    + Certified Information Systems Security Professional (CISSP)

    + AWS Certified Security - Specialty

    + Certified Cloud Security Professional (CCSP)

    + CEH, OSCP, GWAPT, CSSLP (desired)

    Required Security Clearance:

    + US Citizenship and the ability to obtain and maintain an active Public Trust or higher clearance, per contract requirements.

    Outstanding Performance…Always!”

     

    Our corporate motto represents our commitment to build long-term relationships with both our clients and our employees by providing the highest quality service in everything we do. We strive for excellence for our clients and for each other. We embrace the opportunity to hire individuals with new talents and fresh perspectives. Zantech offers competitive compensation, strong benefits, and a vacation package, as well as a fast-paced and exciting work environment. Come join our team!