AppScan GitLab Engineer

• Location: Fairfax, Virginia
• Remote: Remote
• Type: Contract
• Job #8001

DataStaff is in immediate need of an AppScan GitLab Engineer for one of our direct clients for a contract-to-hire opportunity.

NOTE: This role is remote
 
Responsibilities:

• Maintain, Run, and Troubleshoot the suite of GitLab application vulnerability scan tools that the agency uses for pre-production gating.
• Install GitLab Runners prior to pre-prod application scans
• Learn and improve upon (if necessary) the yml template for pre-prod scans
• Act as GitLab scanning and security SME in conversations with Federal counterparts
• Work with GitLab vendor to evaluates and test upcoming releases to scanning tools; avoid any issues that could occur to EPA’s scanning processes by implementing the released upgrade
• Conduct analysis of scan results and inform application owners of vulnerabilities
• Assist application developers with false positive determination/justification
• Stay abreast of security policy changes and communicate them to EPA counterparts
• Develop and maintain standard operation procedures related to the Application Security team and their assistance to the DevSecOps team
• Develop and maintain training materials for application owners/submitters of application scan requests
• Provides recommendations to clients on information assurance engineering standards, implementation dependencies, and changing information assurance related technologies
• Comfortable speaking, with confidence, to executive level customers
• May coach and provide guidance to less-experienced professionals
• May serve as a team or task lead

Required Skills:

• BA/BS in IT or IT Security related major or relevant experience
• 3 Years – Actively maintaining and running GitLab scan tools:
• DAST UI and DAST API tool experience is required.
• GitLab Certified Security Specialist Certification

Desired Skills:

• Dependency/SBoM, SAST and Secrets Detection experience.