This role is NOT open to c2c candidates. It is a contract (potentially contract to hire) role but does NOT provide sponsorship. This role is fully remote.
We are seeking a skilled Security Assessment Engineer to join our team. The ideal candidate will be instrumental in supporting the adoption of DevSecOps principles and automating assessment services to ensure continuous authorization to operate within our organization. This is a unique position that must be able to flex between security engineering, security control automation, development, and assessor roles in a NIST based risk management environment.
Responsibilities:
Key Responsibilities:
- Support DevSecOps initiatives by developing and implementing test-driven security within a CI/CD pipeline
- Create automation to support the NIST Risk Management Framework (SP800-37, SP800-53/53a).
- Develop and track Plan of Action and Milestones (POA&Ms) to address identified security vulnerabilities and compliance gaps.
- Able to document clear and repeatable process and train others to be able to perform automated assessment reviews.
- Develop and implement security assessment automation tools to support DevSecOps practices.
- Collaborate with development teams to integrate security assurance into the CI/CD pipeline.
- Conduct security assessments and risk analyses on new and existing software.
- Provide Subject Matter Expertise in the creation of security policies and standards.
- Develop and document procedures specific to the role.
- Work closely with compliance teams to ensure continuous monitoring and authorization.
- Assist in developing security training and awareness for technical staff.
- Stay current with evolving security landscape, industry trends, tools, and best practices.
Required Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field (preferred)
- Proven experience with security assessment tools and methodologies.
- Experience with wide range of programming languages, automation tools and scripting languages (e.g., Python, Ruby, Go, Bash/Shell, JavaScript/Node.js, Groovy, YAML/JSON, PowerShell, Java, Terraform).
- Understanding languages in the context of various DevSecOps tools and platforms like Docker, Kubernetes, Ansible, Chef, Puppet, Jenkins, GitLab CI, and cloud service providers (AWS, Azure, GCP).
- Experience with Policy as Code and Compliance as Code
- Knowledge of compliance frameworks and continuous authorization processes. Prefer NIST SP800-37, SP800-53/53a.
- Excellent communication skills and the ability to work collaboratively.
- Operational vulnerability analysis.
- Deep understanding of Dev/Sec/Ops processes and testing.
Preferred Qualifications: - Certifications such as GCSA, CISSP, CEH, or OSCP. - Experience in a policy and assurance or quasi-governmental environment. - Familiarity with cloud service providers and associated security challenges.
The candidate must possess skills that include experience with: Test design, performance testing, test architecture, configuration management, troubleshooting, excellent verbal and written and communication skills both horizontally and vertically, performing manual testing with agility and interaction, be proficient in continuous delivery, Agile, and DevOps.
About ManpowerGroup, Parent Company of: Manpower, Experis, Talent Solutions, and Jefferson Wells
ManpowerGroupR (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands - Manpower, Experis, Talent Solutions, and Jefferson Wells - creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent.
ManpowerGroup is committed to providing equal employment opportunities in a professional, high quality work environment. It is the policy of ManpowerGroup and all of its subsidiaries to recruit, train, promote, transfer, pay and take all employment actions without regard to an employee's race, color, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, religion, age, disability, protected veteran status, or any other basis protected by applicable law.
