DevSecOps Engineer, Consultant

California Physicians' Service - El Dorado Hills, CA

posted 26 days ago

Full-time
El Dorado Hills, CA
Insurance Carriers and Related Activities

About the position

As a DevSecOps Engineer in the IT Quality Engineering Organization, you will be responsible for ensuring the security and quality of software products. This role involves establishing best practices for DevSecOps methodologies, particularly in a cloud environment, and leading the implementation of these practices tailored for Azure. You will collaborate with cross-functional teams to integrate security throughout the software development lifecycle and provide training and mentoring to enhance the team's capabilities in DevSecOps.

Responsibilities

  • Evaluate and analyze the existing IT infrastructure, identifying areas for improvement and security enhancement.
  • Design and implement secure, scalable, and automated cloud-based solutions on Microsoft Azure to support application deployment and management.
  • Advocate for DevSecOps principles and practices within the organization.
  • Lead the implementation of DevSecOps practices, including continuous integration, continuous delivery, continuous testing (CI-CD-CT), and automated testing, tailored for the Azure cloud environment.
  • Collaborate with software development teams to integrate security controls and best practices into the application development process and to create robust testing strategies that cover functional, security, and performance aspects.
  • Develop and execute test plans, test cases, and test scripts to validate software functionality and security.
  • Encourage collaboration between development, operations, and security teams.
  • Maintain comprehensive documentation related to testing processes, security findings, and remediation efforts.
  • Generate reports on testing results, security assessments, and risk assessments.
  • Create automated test suites and pipelines.
  • Implement monitoring, logging, and alerting systems to ensure the security and availability of cloud-based infrastructure.
  • Integrate SonarQube with CI/CD pipelines and Azure DevOps.
  • Manage the configuration and infrastructure as code (IaC) using tools such as Terraform, Ansible, or similar, with a strong emphasis on security.
  • Conduct security assessments, vulnerability testing, and ensure compliance with industry standards and regulatory requirements.
  • Work closely with stakeholders to define and enforce security policies and access controls in the Azure environment.
  • Develop and maintain documentation for security processes, procedures, and configuration management.
  • Continuously improve testing methodologies and security processes.

Requirements

  • Experience with DevSecOps methodologies and practices.
  • Strong knowledge of cloud solutions, particularly Microsoft Azure.
  • Proficiency in CI/CD practices and tools, including Azure DevOps.
  • Experience with infrastructure as code (IaC) tools such as Terraform or Ansible.
  • Strong understanding of security principles and practices in software development.
  • Ability to develop and execute test plans and scripts for software validation.
  • Excellent documentation and reporting skills.

Nice-to-haves

  • Experience with automated testing frameworks and tools.
  • Familiarity with security assessment tools and vulnerability testing.
  • Knowledge of compliance standards and regulatory requirements in the IT industry.

Benefits

  • Health insurance
  • 401k plan
  • Paid time off
  • Professional development opportunities

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service