Sr. DevSecOps (Active Secret Clearance) - Hybrid

Overview

Hybrid
Depends on Experience
Contract - W2
Contract - Independent

Skills

DevOps
DevSecOps
Docker
FedRAMP
GitHub
Kubernetes
Linux
Terraform
SAST
RDS
Python
Ansible
Bash
DAST
SonarQube
infrastructure security
configuration management
threat modeling
Business Consulting

Job Details

Security Engineer - DevSecOps

Herndon, VA

Secret Clearance.

Position Overview:

Navitas Business Consulting is seeking a Sr. DevSecOps professional with 6+ years of experience and a strong background in implementing Kubernetes environments, plus experience with DevOps methods and practices, to support one of our flagship contracts. This is a hybrid role based in our Herndon, VA offices.

On-site requirements are three days a week with occasional travel to Washington DC for required meetings.

Responsibilities:

  • Performing infrastructure security reviews, threat modeling, and risk analysis for systems built on AWS and deployed via infrastructure-as-code tools like AWS CloudFormation
  • Implementing and managing security controls within AWS including IAM, VPCs, security groups, WAF, encryption, audit logging, etc.
  • Performing static and dynamic analysis on source code using tools like Anchore/Grype, SonarQube, and Syft to catch security issues early
  • Integrating security tools like secrets management, SAST, DAST, and dependency scanning into CI/CD pipelines in GitHub Enterprise and AWS CodePipeline
  • Building and configuring hardened Linux server images using tools like Packer that follow security best practices
  • Implementing security monitoring and runtime protection for containers and services running on AWS ECS
  • Helping define security requirements and compliance controls for regulated workloads built on AWS services like RDS Aurora
  • Creating and managing infrastructure security policies as code via tools like Open Policy Agent
  • Triaging and resolving security issues, working with developers and ops teams to implement fixes and improvements
  • Keeping up-to-date with the latest cloud security best practices and threats

Preferred Experience:

  • 5+ years of experience in an information, cloud, or infrastructure security role
  • Deep knowledge of AWS security services and features
  • Experience with infrastructure-as-code and configuration management tools like Ansible, Terraform, or CloudFormation
  • Proficiency in Linux administration and security best practices
  • Knowledge of container and orchestrator security (Docker, Kubernetes, ECS)
  • Experience with DevSecOps processes and toolchains like GitHub, Jenkins, CodePipeline, etc.
  • Strong scripting/coding ability (Bash, Python, Go, etc.)
  • Knowledge of compliance frameworks like PCI, HIPAA, FedRAMP, etc.

Navitas Business Consulting Inc. is an Equal Opportunity Employer with a commitment to diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, sexual orientation, disability status, protected veteran status, or any other characteristic protected by law.