Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

BCG Federal is a US federally compliant environment at BCG. The BCG FED Organization is seeking a knowledgeable and talented Lead Cyber Security Cloud Engineer that will be responsible for operating and maintaining the BCG Cybersecurity DevSecOps programs in alignment with NIST 800-171, CMMC and IT Security best practices. The DevSecOps Lead manages the DevSecOps environment, and internal playbooks relating to IT Cloud security. They will ensure appropriate application of DevSecOps methodologies, security products, and technologies to protect the company’s systems and information.

 

Your duties will include:

Operating IAW with relevant industry standards and frameworks (i.e. FedRAMP, NIST 800-171, CMMC, etc) while embedding agile DevSecOps.Be the subject matter expert (SME) for all things DevSecOps and SDLC in the environmentManage BCG Federal’s DevSecOps day to day operations ensuring continuous security integration within agile workflows, monitoring, and implementation of security technologies related to DevSecOps, Overseeing the management, monitoring, and implementation of security technologies across CI/CD pipelines to maintain a continuous security posture.Understanding the current threat landscape and helping to develop risk mitigation strategies  Creation of documentation and knowledgebase articles regarding DevSecOps policies and proceduresProvide monthly reporting metrics on DevSecOps environment, including indicators of continuous security improvements and performance.Assist with development of the company’s DevSecOps processes and procedures.Create KPI’s, metrics, dashboards and reporting to measure the performance of the DevSecOps environment.

YOU’RE GOOD AT

Strong comprehensive problem-solving skills to identify and solve issues quicklyAbility to work well independently as well as part of a virtual, geographically dispersed team bringing a sense of urgency to the tasks at handEffectively handling difficult and stressful situations with poise, tact, and patience, while demonstrating a sense of urgency—particularly in time-sensitive DevSecOps sprintsApplying strong analytical skills, attention to detail, and a quality-minded approach to ensure continuous security and complianceExceptional verbal and written communication and presentation skillsDemonstrating the ability to operate and innovate in a small, fast-paced team environment—especially within agile software development and continuous security contexts—balancing both strategic and tactical needs

What You'll Bring

Minimum of 5 years of information security experience, with a strong background in agile software development such as, DevSecOps, CI/CD pipelines, Kubernetes, Docker, Terraform, Python, and Azure GCCH CloudExperience with the management of DevSecOps, Azure GCCH and Gitlab/Github environmentsExperience with CI/CD, software composition analysis, SAST and DAST tools and processesTechnical knowledge and hands on experience with Azure GCCH and Gitlab, Terraform, Python, Kubernetes, and Docker services and technologiesExperience working with the Microsoft G5 Security stackMust be able to obtain and maintain a U.S. government security clearanceU.S. Citizenship Required

Who You'll Work With

This individual will collaborate with other BCG information technology teams such as Identity, Information Management, Software Development, Hosting, Devices Team – Windows/Mac/Mobile, Security, Voice and Networking to ensure alignment with BCG’s overall Cloud and IT Architecture plans.

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.\n
BCG is an E - Verify Employer. Click here for more information on E-Verify.