Metrostar Systems - Washington, DC

posted 5 months ago

Full-time - Mid Level
Washington, DC
Professional, Scientific, and Technical Services

About the position

As a DevSecOps Engineer at MetroStar, you will play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines. Your primary responsibility will be to collaborate with cross-functional teams, including development, operations, and security, to integrate security practices seamlessly into the development and operations lifecycle. This integration is essential to ensure the delivery of high-quality, secure, and reliable software solutions that meet the needs of our clients and stakeholders. In this position, you will design, implement, and maintain Continuous Integration/Continuous Deployment (CI/CD) pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks. You will also develop and maintain infrastructure as code (IaC) templates and configurations, ensuring that security best practices are applied to cloud resources and infrastructure components. Regular security assessments, code reviews, and penetration testing will be part of your routine to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure. Monitoring and analyzing system and application logs to detect and respond to security incidents will be a key aspect of your role. You will implement and manage identity and access management (IAM) solutions, ensuring that appropriate authentication and authorization mechanisms are in place. Additionally, you will collaborate with software engineers to provide guidance on secure coding practices and assist in the remediation of security findings. Your participation in incident response activities will help investigate and mitigate security incidents in a timely manner, contributing to the overall security posture of the organization. Finally, you will contribute to the development and maintenance of security policies, procedures, and documentation, ensuring that the organization adheres to best practices and regulatory requirements. This role is vital in fostering a culture of security awareness and continuous improvement within the organization.

Responsibilities

  • Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
  • Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks.
  • Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components.
  • Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure.
  • Monitor and analyze system and application logs to detect and respond to security incidents.
  • Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place.
  • Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
  • Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner.
  • Contribute to the development and maintenance of security policies, procedures, and documentation.

Requirements

  • Active TS/SCI Clearance with CI poly.
  • At least 6 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
  • Strong experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
  • Strong experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains.
  • Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
  • Experience with cloud platforms (e.g., AWS, Azure, GCP) and securing cloud-based applications and services.
  • Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
  • Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).

Benefits

  • Generous benefits package
  • Professional growth opportunities
  • Valuable time to recharge
© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service