DevSecOps Engineer

Job Title: Senior DevSecOps Engineer Location: Fully Remote Salary: DOE + full benefits Clearance: Active Public Trust (or ability to obtain) Job Summary We are seeking a skilled and motivated Senior DevSecOps Engineer to join our dynamic team. In this role, you will be responsible for integrating security practices into our software development and deployment processes, ensuring the continuous delivery of secure and reliable applications. The ideal candidate will have a deep understanding of development, security, and operations principles, with a passion for automating and streamlining workflows to enhance both efficiency and security. Job Responsibilities Collaborate with cross-functional teams to design, implement, and maintain secure and scalable DevSecOps pipelines that integrate continuous integration, continuous delivery (CI/CD), and security practices. Automate deployment, configuration, and monitoring of infrastructure and applications using modern tools and technologies. Implement and enforce security controls and best practices throughout the software development lifecycle. Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security vulnerabilities. Ensure compliance with industry standards and regulatory requirements related to security and privacy. Integrate security tools and practices, such as static analysis, dynamic analysis, and container security, into the CI/CD pipeline. Monitor and respond to security incidents and alerts, coordinating with relevant teams to implement timely solutions. Provide technical expertise and guidance to development and operations teams on security best practices and risk mitigation strategies. Stay up to date with emerging security threats and vulnerabilities, and proactively recommend solutions to address potential risks. Collaborate with the development team to ensure that security is incorporated into the design and architecture of applications. Participate in code reviews, identify security flaws, and suggest remediation strategies. Document processes, procedures, and best practices to improve team knowledge and efficiency. Required Skill/Qualifications Proven experience as a DevSecOps Engineer, Security Engineer, or similar role. Must have experience with internal developer platforms (backstage) and experience with JavaScript and JavaScript build process experience using npm. Must have experience with script builds using npm. Experience with Node.js, npm, and yarn. Experience with React, Docker, Java, .NET Hands-on experience working with IDP to include: Predefined templates for environments and pipelines. Testing and staging environments. Integration with CI/CD tools. Monitoring and logging capabilities. Experience with DevSecOps, CI/CD, application modernization, and/or cloud-native application development will provide a useful context for the work that needs to be done. Strong knowledge of DevOps principles and practices, as well as software development methodologies. Familiarity with cloud computing platforms (e.g., AWS, Azure, Google Cloud) and infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation). Experience with containerization technologies such as Docker and Kubernetes. Proficiency in scripting and automation using languages such as Python, PowerShell, or Bash. Knowledge of security frameworks and compliance standards (e.g., NIST, CIS, OWASP). Hands-on experience with security tools such as vulnerability scanners, intrusion detection systems, and log analysis tools. Strong problem-solving skills and the ability to analyze complex technical issues. Excellent communication skills to collaborate with both technical and non-technical stakeholders. Relevant certifications such as Certified DevSecOps Engineer, Certified Information Systems Security Professional (CISSP), or equivalent, are a plus . Education Bachelor's degree in computer science, Information Technology, or a related field. Equivalent practical experience will also be considered.

Created: 2024-10-27