Application Security/QA Technical Lead - DevOps

---

Job description

Medical Science & Computing (MSC), a Guidehouse company is seeking an experienced Application Security/Quality Assurance Technical Lead to support our work at the National Institutes of Health (NIH), in Bethesda, MD (when it is safe).

The DevOps program at NCBI, responsible for delivering a DevSecOps platform and related services, is looking for an experienced technical lead,responsible for application security (AppSec) and quality assurance (QA).

National Center for Biotechnology Information (NCBI) is part of the National Library of Medicine (NLM) at National Institutes of Health (NIH). NCBI, one ofthe 400 topmost-visited sites in the world, is the premier biomedical center, hosting over 4 million daily users in search of clinical, genetic and otherinformation - at NCBI your work contributes to curing cancer faster! NCBI's wide range of applications (such as PubMed and ClincialTrials.org), platformsand environments (big data [petabytes], machine learning, multiple clouds) serve more users and more data than any other US Government Agency.

Duties & Responsibilities

• Within the larger DevOps program, lead a team of application security (AppSec) and quality assurance (QA) experts.
• Define and drive short and long term goals for the team. Hold Product Owner role which includes documenting epics, stories and tasks for theteam's agile development process.
• Integrate security and QA tools, standards, and processes into NCBI's products lifecycle.
• Ensure that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
• Own, continuously improve and support application security tooling (including static analysis and runtime testing tools) within a modernDevSecOps platform operating on premises and in multiple cloud environments.
• Continuously improve and maintain secure development standards.
• Support the incident response and architecture review processes whenever application security or quality assurance expertise is needed.
• Ensure applications are in compliance with Federal application security regulations and standards and work with network security staff tocontinuously improve and maintain a comprehensive security plan for the organization.
• Document NCBI's security practices and respond to information requests generated by Federal agencies or security audits.
• Participate in periodic penetration testing exercises.
• Integrate threat modeling practices into the product lifecycle.
• Produce metrics reporting the state of application security programs and performance of development teams against requirements

Requirements

Required qualifications:

• Bachelor degree or higher (Computer Science preferred).
• Formal training in software development, cyber security, and/or quality assurance.
• NCBI uses C/C++, Java/Scala/Kotlin, Python/Django and JavaScript. The DevSecOps platform uses Kubernetes, Istio, ArgoCD, GitLab andArtifactory. The ideal candidate will have familiarity with some of these languages, frameworks and technologies combined with solid experiencein software architecture and distributed systems.
• Industry or government experience leading initiatives related to software security or quality assurance.
• Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to both technical leadersand individual contributors.
• Candidates must be able to approach application security from the perspective of risk management.
• Demonstrated ability to influence decision making processes at all levels of a large organization will be critical to success.
• Candidates must have strong leadership skills and be effective managers of highly technical individuals.
• Candidates must have excellent verbal and written communication skills.
• Candidates must have experience with Agile development processes and have experience integrating secure development practices.
• NCBI is an Agile organization. Experience with Scrum and Kanban and the role of a Product Owner is required.

Preferred qualifications:

• Former NIH experience
• Any other DevOps technologies, any prior DevOps experience

#LI-KP1

Due to our contractual requirements and federal orders, including an Executive Order from the White House and an emergency regulation from the Centers for Medicare & Medicaid Services (CMS), the position for which you are applying requires that you provide proof of your vaccination status. If you are unable to receive the COVID-19 vaccine for medical reasons or because of a sincerely held religious belief, you may request an exemption from the vaccination requirement which shall be reviewed after the submission of requested documentation. If an accommodation is granted, the conditions may include weekly testing and masking. All Guidehouse employees also agree to follow any additional health and safety mitigation policies that may be required in the workplace.

Compensation

Company Description

We are a trusted government partner that blends deep domain expertise with advanced technologies to help our customers solve complex problems that improve, protect, and save lives. As a rapidly growing company, we combine entrepreneurial spirit, customer focus, and an outcomes-based approach to support agency missions in health IT, life sciences, public safety, and grants management.

The Dovel Family of Companies offers employees an opportunity to advance beyond a specific role or contract, we offer a path to develop an enriching career. We believe in empowering a culture of innovation, customer success, and employee growth.

What you'll get…

• Time Off! Flexible schedules and company paid holidays allow you to take the time you need.
• Investment in YOU! 401(K) company contributions are yours to keep with no waiting period.
• Choices! Unique healthcare plans to choose from with options like fertility and orthodontia benefits.
• Discovery! With our tuition assistance and training programs, we support your career advancement.
• Tax Savings! Enroll in pre-tax Health or Dependent Care Flexible Spending, HSA with company contributions, parking, and/or transit commuter benefits.
• Support! Working parents and busy professionals - we've got you covered with a supportive culture, confidential Employee Assistance Program and a membership to Care.com.
• Perks! Employee discounts, peer recognition programs, company-wide wellness challenges, and fun community events.
• A Voice! A unique culture where you can influence decisions and have your voice heard.

We are an Equal Opportunity Employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, disability, or veteran status.