Overview
On Site
Accepts corp to corp applications
Contract - W2
Contract - 23 day(s)
Skills
CI/CD
DevSecOps
IaC
Security Monitoring
Job Details
The DevSecOps Engineer integrates security practices into the DevOps process, ensuring that software development, deployment, and operations are secure from end to end.
Experience: 6-10 yrs
Mandatory Skills
CI/CD pipelines, secure IaC templates, security monitoring tools, DevSecOps
Required Skills:
Programming & Scripting
Python, Bash, Go, Ruby, JavaScript
Regular expressions for parsing and automation
Security Fundamentals
Cryptography (TLS, SSL, encryption standards)
Authentication & Authorization (OAuth2, SAML, JWT)
Secure coding practices and OWASP Top 10
Cloud Security
Identity and Access Management (IAM)
Cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center)
Cloud workload protection platforms (CWPP)
Container & Orchestration Security
Docker security best practices
Kubernetes RBAC, Network Policies, Pod Security Standards
Container scanning tools (e.g., Anchore, Sysdig)
Networking & Firewalls
VPNs, proxies, load balancers
Network segmentation and zero-trust architecture
Compliance & Auditing
SOC 2, PCI-DSS, HIPAA, GDPR
Audit logging and forensic analysis
Tools & Platforms
Security Testing
Static Analysis: SonarQube, Semgrep, Fortify
Dynamic Analysis: OWASP ZAP, Burp Suite
Dependency Scanning: Snyk, WhiteSource, Mend.io
Secrets Detection: GitLeaks, TruffleHog
CI/CD & Automation
Jenkins, GitHub Actions, GitLab CI, CircleCI
ArgoCD, Spinnaker
Cloud Platforms
AWS, Azure, Google Cloud Platform
HashiCorp Vault (for secrets management)
Terraform, Pulumi (Infrastructure as Code tools)
Monitoring & Logging
Prometheus, Grafana
ELK Stack (Elasticsearch, Logstash, Kibana)
Splunk, Datadog
Vulnerability Management
Qualys, Nessus, OpenVAS
Prisma Cloud, Aqua Security
Identity & Access Management
Okta, Auth0, AWS IAM
Keycloak
Responsibilities:
1. Security Integration in CI/CD Pipelines
Embed security checks (e.g., SAST, DAST, SCA) into continuous integration and deployment workflows.
Automate vulnerability scanning and remediation.
2. Infrastructure as Code (IaC) Security
Secure IaC templates (e.g., Terraform, CloudFormation).
Implement policies to prevent misconfigurations and enforce compliance.
3. Monitoring & Incident Response
Set up security monitoring tools (e.g., SIEM, IDS/IPS).
Respond to security incidents and perform root cause analysis.
4. Threat Modeling & Risk Assessment
Conduct threat modeling during design and development phases.
Assess risks and recommend mitigation strategies.
5. Tooling & Automation
Select and integrate security tools (e.g., SonarQube, Aqua Security, HashiCorp Vault).
Automate security tasks to reduce manual effort and human error.
6. Compliance & Governance
Ensure adherence to standards like ISO 27001, NIST, GDPR, HIPAA.
Maintain audit trails and documentation for compliance.
7. Collaboration & Training
Work closely with developers, operations, and security teams.
Educate teams on secure coding practices and DevSecOps principles.