Qureos


Lead Business Process Engineer- IRS (DC)

Job Description:

The U.S. Department of the Treasury is seeking an experienced Lead Business Process Engineer to design, operationalize, and implement a comprehensive Security Development Lifecycle (SDL) framework as part of the Treasury Enterprise Cyber Consolidation initiative. This critical role will ensure security is embedded throughout the software development lifecycle for all Treasury applications, enhancing the Department's security posture while achieving compliance with federal regulations and standards.

The Lead Business Process Engineer will be responsible for conducting discovery across all existing SDL services at Treasury, identifying gaps in current application security practices, and designing a tailored SDL framework that integrates security best practices into every phase of development. This position requires translating complex security requirements and industry standards into practical, repeatable processes that development teams can adopt while maintaining alignment with Treasury's strategic cybersecurity objectives and the broader Treasury Common Services Center (TCSC) implementation.

Key Responsibilities:

  • SDL Framework Design: Develop a comprehensive application-layer Security Development Lifecycle framework tailored to Treasury's unique requirements, mission context, and regulatory environment, ensuring security is integrated from requirements gathering through deployment and maintenance
  • Current-State Discovery: Conduct thorough discovery of all component SDL services, security practices, and procedures currently incorporated into existing application development lifecycles across Treasury Bureaus
  • Gap Analysis and Recommendations: Identify gaps in current SDL coverage and recommend updates or additions to SDL services, methods, and techniques based on industry best practices, NIST guidance, and applicable regulatory, legal, or statutory requirements
  • Process Documentation: Create detailed SDL guidance documentation including process workflows, security gates, approval criteria, roles and responsibilities, and integration points with existing development methodologies (Agile, DevOps, Waterfall)
  • Security Requirements Integration: Define security requirements and acceptance criteria for each SDL phase, including threat modeling, secure design principles, secure coding standards, security testing requirements, and vulnerability remediation processes
  • Tool and Automation Strategy: Recommend and integrate security tools into the SDL framework including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and container security scanning
  • Stakeholder Engagement: Collaborate with application development teams, security architects, ISSOs, system owners, and Bureau stakeholders to validate SDL processes and secure adoption across the enterprise
  • Training and Enablement: Develop training materials, playbooks, and job aids to support developer adoption of SDL practices and ensure consistent implementation across Treasury
  • Metrics and Continuous Improvement: Establish SDL performance metrics and maturity indicators to measure adoption, effectiveness, and security outcomes, enabling continuous refinement of the framework
  • Compliance Alignment: Ensure SDL framework supports compliance with NIST SP 800-53 Rev. 5, NIST Secure Software Development Framework (SSDF), OMB M-22-18, and other applicable federal secure development requirements

Required Qualifications:

  • Minimum 7 years of experience in application security, secure software development, or DevSecOps roles
  • Minimum 5 years of experience designing or implementing Security Development Lifecycle frameworks, secure SDLC programs, or application security processes in enterprise environments
  • Demonstrated experience conducting application security assessments, threat modeling, and secure code reviews
  • Proven track record implementing security testing tools (SAST, DAST, SCA) and integrating security into CI/CD pipelines
  • Experience with federal government application security requirements and compliance frameworks
  • Strong background in software development methodologies (Agile, DevOps, Waterfall) and development lifecycle management
  • Experience working with cross-functional teams including developers, architects, security teams, and business stakeholders
  • Expertise with DevSecOps practices and security automation in CI/CD pipelines
  • Knowledge of federal compliance requirements including NIST SP 800-53 controls related to application security (SA, SI, SC families)
  • Experience with Microsoft Visio

Professional Competencies:

  • Excellent communication skills with ability to engage both technical and non-technical stakeholders
  • Strong analytical and problem-solving capabilities
  • Experience facilitating workshops and working sessions with development teams
  • Ability to balance security requirements with development velocity and business needs
  • Demonstrated ability to drive adoption of new processes and practices across organizations
  • Ability to obtain and maintain a federal security clearance (Secret or higher)

Preferred Requirements:

  • Active Public Trust for Department of Treasury
  • Advanced Certifications:

– Master's degree in Business, Computer Science, Cybersecurity, Software Engineering, or related field

– Offensive Security Certified Professional (OSCP) or similar penetration testing certification

– Certified Ethical Hacker (CEH)

– AWS Certified Security Specialty or Azure Security Engineer Associate

– GIAC Cloud Security Automation (GCSA)

– Certified DevSecOps Professional (CDP)

  • Prior experience with Treasury or other Cabinet-level federal agency application security programs
  • Experience implementing SDL frameworks aligned to NIST SSDF or similar federal secure development standards
  • Published thought leadership on secure development, DevSecOps, or application security
  • Knowledge of FedRAMP security requirements for cloud applications
  • Experience with container orchestration security (Kubernetes, Docker) and infrastructure-as-code security
  • Familiarity with Treasury-specific applications, development environments, or compliance requirements
  • Experience with ServiceNow Security Operations or GRC modules for application security tracking
  • Understanding of microservices security architecture and zero trust application design
  • Experience with SAFe (Scaled Agile Framework) or other enterprise agile methodologies
  • Knowledge of CMMI for Development or similar maturity models

Required Education & Certifications:

  • Bachelor's degree in Business, Computer Science, Software Engineering, Information Security, or related field
  • One or more of the following certifications required:

– Certified Secure Software Lifecycle Professional (CSSLP)

– Project Management Professional

– Lean Six Sigma Green Belt or Greater

Compensation:

The salary for this role is budgeted at $120,000-$140,000 annually, plus benefits. ThunderYard offers benefits including medical, dental and vision insurance, 401k matching, PTO, certification reimbursement and more.

Vetting

Candidates selected will be subject to a background investigation for clearance eligibility by our government client.

ThunderYard Solutions is proud to be an Equal Opportunity Employer. We don’t just accept difference – we celebrate it, we support it, and we thrive on it for the benefit of our employees, our community, and our customers. All applicants will be considered for employment without discrimination of race, color, religion, or belief, national, social, or ethnic origin, sex, age, physical, mental, or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union, or domestic partnership status, protected veteran status, family medical history or genetic information.

Job Type: Full-time

Pay: $120,000.00 - $140,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Employee assistance program
  • Flexible schedule
  • Health insurance
  • Health savings account
  • Paid time off
  • Professional development assistance
  • Referral program
  • Vision insurance

Work Location: Hybrid remote in Washington, DC 20590


© 2026 Qureos. All rights reserved.