Overview
On Site
DOE
Contract - W2
Skills
DevSecOps
Software Development
Management
Security QA
SCA
Terraform
Embedded Systems
Security Controls
Software Architecture
Design Patterns
Non-functional Testing
Software Development Methodology
Cloud Computing
Google Cloud Platform
Google Cloud
Docker
Kubernetes
Continuous Integration
Continuous Delivery
Microsoft Azure
DevOps
ADO
Scripting
Python
TypeScript
Bash
IBM Security AppScan
GitHub
SailPoint
Regulatory Compliance
ISO/IEC 27001:2005
OWASP
Communication
Collaboration
Security Architecture
Threat Modeling
Identity Management
Amazon Web Services
Certified Ethical Hacker
CISSP
Job Details
; Job Summary: We are seeking a DevSecOps Engineer to embed security throughout our software development lifecycle. This role acts as a bridge between development, operations, and security, ensuring secure design, implementation, and deployment of applications and infrastructure. The ideal candidate will have strong experience integrating security tools into CI/CD pipelines, promoting secure coding practices, and building a security-first DevOps culture.
;
; Job Responsibilities: Embed security controls and tools into CI/CD pipelines.Implement and manage automated security testing tools such as SAST, DAST, and SCA.Identify and remediate vulnerabilities in application code and infrastructure.Guide development teams in secure coding best practices and threat mitigation.Build Infrastructure-as-Code (IaC) using Terraform or CloudFormation with embedded security controls.Conduct security reviews of application architecture and designs, supporting threat modeling and secure design patterns.Ensure security validation is integrated into functional and non-functional testing.Develop security automation within CI/CD pipelines using tools like GitHub Advanced Security and AppScan.Collaborate with cross-functional engineering teams to improve security coverage and response.
;
; Required Skills: Strong understanding of DevOps principles and secure SDLC.Experience with cloud platforms: AWS, Azure, or Google Cloud Platform.Experience with containerization: Docker and Kubernetes.Hands-on experience with CI/CD tools: GitHub (including CoPilot, Enterprise, Advanced Engineering), Azure DevOps (ADO).Proficient in scripting languages: Python, TypeScript, Bash, etc.Familiarity with security tools and platforms: AppScan, GitHub Advanced Security, Sailpoint IIQ, MS EntraID.Knowledge of security frameworks and compliance standards (e.g., NIST, ISO 27001, OWASP).Strong communication and team collaboration skills.
;
; Preferred Skills: Experience with security architecture and threat modeling.Familiarity with identity and access management systems.
;
; Certifications: [Specify if required, e.g., AWS Security Specialty, CEH, CISSP]
;
; Education: Bachelors degree in computer science, Information Security, Engineering, or a related field (or equivalent experience)
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.