DevSecOps Engineer

We are seeking a highly motivated and experienced DevSecOps Engineer to join our dynamic and growing team. In this role, you will be a key contributor in building and maintaining a secure and reliable software development lifecycle. You will collaborate with development, operations, and security teams to automate security practices, integrate security tools into our CI/CD pipeline, and promote a security-conscious culture. You will play a critical role in ensuring the security and integrity of our applications and infrastructure.

Responsibilities:

• Security Automation: Automate security testing, vulnerability scanning, and compliance checks within the CI/CD pipeline.
• Infrastructure as Code (IaC) Security: Securely manage CI infrastructure using IaC principles, ensuring security best practices are implemented from the start.
• Security Tool Integration: Integrate and manage various security tools, including SAST, DAST, SCA, and infrastructure security scanners.
• Incident Response: Participate in security incident response, including investigation, containment, and remediation.
• Compliance and Auditing: Assist with compliance audits (e.g., SOC 2, PCI DSS, HIPAA) by providing evidence and automating compliance checks.
• Security Training and Awareness: Promote security awareness and provide training to development and operations teams.
• Security Monitoring: Implement and maintain security monitoring solutions to detect and respond to security threats.
• Continuous Improvement: Continuously improve security practices and automation, keeping up with the latest security threats and technologies.
• Collaboration: Collaborate effectively with development, operations, and security teams to achieve shared goals.
• Documentation: Create and maintain clear and concise documentation for security procedures and best practices.
• Stay up-to-date: Continuously learn about the latest security trends, tools, and techniques.

Qualifications:

Required:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in a DevSecOps or related role.
• Strong understanding of CI/CD pipelines and DevOps principles.
• Experience with containerization tools such as Docker and Podman.
• Experience with scripting languages such as Python, Bash, or Go.
• Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
• Experience with containerization technologies such as Docker and Kubernetes.
• Solid understanding of security principles and best practices.
• Strong analytical and problem-solving skills.
• Excellent communication and collaboration skills.

Preferred:

• Security certifications such as Security+, CSSLP, CISSP, CISM, or CEH.
• Experience with GitLab CI and GitLab Runners.
• Experience with security automation tools such as Ansible or Chef.
• Experience with Infrastructure as Code tools such as Terraform or CloudFormation.
• Experience with cloud platforms such as AWS, Azure, or Google Cloud Platform.
• Experience with security monitoring tools such as SIEM or IDS/IPS.
• Experience with compliance frameworks such as SOC 2, PCI DSS, or HIPAA.
• Experience with container orchestration software such as Kubernetes.
• Experience with threat modeling methodologies.
• Contributions to open-source security projects.

Clearance Requirements:

• Must possess an active DoD Top Secret Clearance with SCI and SAP eligibility.

#LI-CH1