Sr DevOps Engineer
Contract to hire
As a DevSecOps Engineer, you will be responsible for bringing development, security, and operations together to create a robust security approach. To be successful in this role, you will have the drive and dedication to continuously improve our DevSecOps service offerings, be capable of leading deep technical discussions, and approach securing infrastructure and applications by automating processes and building tools.
• Must have experience with Azure PAAS
•5+ years of experience with DevSecOps tools to automate the integration of security at every phase of the software development lifecycle, from initial design through integration, testing, deployment, and product delivery. Examples of tools include Azure DevOps, GoCD, Jenkins, Maven, Codacy, GitHub, Sonarqube, Terraform, Vault, and OWASP ZAP.
• 5+ years hands-on experience and subject matter expertise with enterprise infrastructure, such as recent versions of Windows server and RedHat Linux, F5 Big IP application services, DNS, Active Directory, Group Policy, Enterprise SQL and Postgres databases, and VMware to include VMware NSX.
• Experience with network and system security tools, including web application firewalls, endpoint protection, application vulnerability scanning, encryption protocols, security information and event management, and identity and access management.
• Knowledge of and the ability to explain cybersecurity processes and concepts, such as threats, vulnerabilities, encryption, network boundary defense, zero trust, SOAR, authentication, security certification and accreditation, and risk management framework.
• Hands-on experience with scripting languages such as Powershell, Python or Bash, and infrastructure as code tools such as Terraform to include writing scripts and modules from scratch.
• Experience with common AWS services, such as EC2, S3, RDS, VPC, Cloud Watch, Cloud Trail, and IAM.
• Experience configuring and securing containers and container orchestration solutions such as Docker and Kubernetes.
• Experience developing workflows in ServiceNow to integrate DevSecOps toolchains to provide data insights, accelerate change, and increase visibility across DevOps teams.
Day to day
• Working closely with senior leaders to develop a comprehensive, agile, and innovative DevSecOps program that supports all phases of the software development lifecycle, identifies and effectively manages risk, and establishes a user-friendly cybersecurity culture.
• Developing and implementing continuous integration and continuous delivery (CI/CD) pipelines to automate and shift left with security for the deployment of infrastructure and application code.
• Writing and reviewing infrastructure as code to ensure compliance
• Monitoring, coordinating, reporting the status, and responding to alerts for compliance violations, threats, and vulnerabilities reported by vendors and CISA or found using tools such as Tenable, Splunk, FireEye, Carbon Black, and Netsparker.
• Serving as a subject matter expert within the Enterprise Hosting Program to collaborate with and guide infrastructure engineers to build secure infrastructure services, address new and critical security vulnerabilities, and enhance cybersecurity best practices across the program by automating and developing streamlined processes.
• Occasionally presenting to our program or our software developer colleagues, on DevSecOps best practices and ways to solve challenging technical issues with agile security tools and practices.