DevSecOps Engineer (Homes.com/Apartments.com)
$89,800 - $154,400/Yr
CoStar Group - Washington, DC
posted about 1 month ago
Full-time - Entry Level
Washington, DC
Real Estate
About the position
The DevSecOps Engineer role focuses on enhancing the security of web applications related to real estate, including Apartments and Homes. The position involves building and evolving a product platform security suite that integrates security controls across various environments, including CI/CD systems, cloud platforms, and Kubernetes. The role is designed for innovative, code-driven security engineers at various experience levels, from associate to lead architect, and offers a hybrid work model with three days onsite and two days remote.
Responsibilities
- Provide real-time vulnerability feedback in the IDE for insecure build patterns and artifacts.
- Gate environment builds to enforce vulnerability remediation SLAs.
- Conduct dynamic run-time scans of pre-production environments to prevent vulnerabilities from reaching production.
- Manage continual attack surface management, penetration testing, and exploit validation.
- Oversee cloud security posture management and workload protection.
- Implement cloud IAM security measures.
- Establish Kubernetes run-time security controls.
- Engage in cloud platform threat hunting activities.
- Manage API security and WAF/bot controls.
- Integrate runtime/drift vulnerability feedback into product development teams' bug tracking systems.
- Enforce federated cloud security hardening, detection, and enforcement.
- Manage data security posture and hunt for sensitive data leakage in logs, code, and documentation.
Requirements
- Bachelor's Degree in Computer Science, Cybersecurity, or a related field from an accredited institution.
- 2+ years of experience in security at scale in CI/CD systems, Kubernetes, cloud environments, or CDNs.
- Proficiency in scripting or Infrastructure as Code (IAC) using languages such as Python, PowerShell, Ansible, CloudFormation, or Terraform.
- Experience in a software development environment with a mature CI/CD process.
- Strong problem-solving skills and a passion for innovation.
Nice-to-haves
- Strong communication skills with software development and leadership audiences.
- In-depth understanding of various assessment tools.
- Knowledge of infrastructure operations across databases, networks, and system administration.
- Ability to communicate risk effectively to different levels of leadership.
- Mentoring and training capabilities for team members.
- Hands-on experience implementing security tools into CI/CD pipelines.
- Experience testing serverless cloud deployments.
Benefits
- Comprehensive healthcare coverage: Medical, Vision, Dental, Prescription Drug.
- Life, legal, and supplementary insurance.
- Virtual and in-person mental health counseling services for individuals and families.
- Commuter and parking benefits.
- 401(K) retirement plan with matching contributions.
- Employee stock purchase plan.
- Paid time off.
- Tuition reimbursement.
- On-site fitness center and/or reimbursed fitness center membership costs.
- Access to Diversity, Equity, & Inclusion Employee Resource Groups.
- Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and healthy snacks.
