Net Orbit - Lawrenceville, GA
posted about 2 months ago
Full-time
Lawrenceville, GA
Professional, Scientific, and Technical Services
About the position
The DevSecOps Engineer role focuses on integrating security practices within the DevOps process, ensuring that security is a fundamental aspect of application development and deployment. This position involves conducting security reviews, implementing secure development practices, and leading the adoption of automated security tools within CI/CD pipelines. The engineer will collaborate with product and engineering teams to address security risks and enhance the overall security posture of the organization.
Responsibilities
- Assist comprehensive security reviews of application architecture, design, and code across various products and platforms for cloud-based architecture.
- Drive the implementation of secure development practices, including threat modeling, security design reviews, and code analysis.
- Lead the adoption and integration of automated security tools (SAST, DAST, IAST) within CI/CD pipelines to enhance continuous security testing.
- Collaborate with product and engineering teams to identify and address security risks, build security into new products, and remediate vulnerabilities.
- Serve as a point of contact for application security incidents, leading root cause analysis, mitigation, and preventive measures.
- Stay ahead of the latest cloud-native, DevOps, GitOps, and security trends, attack techniques, and tools, and apply that knowledge to improve our security posture.
- Provide strategic input into product and engineering roadmaps, ensuring security considerations are embedded in planning and execution.
- Develop and deliver DevSecOps training programs to elevate the DevOps and security maturity of the entire development organization.
- Create runbooks, documents, policies and procedures for managing security solutions and risk areas.
- Create key performance indicators that track the progress and effectiveness of DevOps and security program.
Requirements
- Bachelor's or Master's degree in computer science, Information Security, or related field (or equivalent experience).
- 5+ years of experience in application security or software development.
- Strong experience with containers (Docker+Kubernetes).
- Experience with Azure, AWS, or Google Cloud Platform.
- Knowledge of secure coding practices, OWASP Top 10, SANS Top 25, and common web application vulnerabilities.
- Proven experience leading security initiatives, including threat modeling, security architecture reviews, and remediation strategies.
- Deep understanding of automated security testing tools (e.g., SAST, DAST, IAST) and integrating them into DevSecOps pipelines.
- Strong coding skills in one or more programming languages such as .NET, C#, Java, Python, or JavaScript, with experience identifying and remediating security vulnerabilities.
- Extensive experience securing cloud environments (AWS, Azure, Google Cloud Platform) and familiarity with container security.
Nice-to-haves
- Certified Kubernetes Administrator or Application Developer (CKA or CKAD from CNCF).
- Proficiency in developing and executing security programs that scale across large, distributed environments.
- Contributions to the security community.
