Iseatz - Atlanta, GA
posted about 2 months ago
Full-time - Mid Level
Remote - Atlanta, GA
Administrative and Support Services
About the position
The DevSecOps Engineer at iSeatz plays a crucial role in integrating security into the software development lifecycle, ensuring secure and efficient code deployment. This position involves collaboration with various IT teams to manage security code releases and automate security protocols, ultimately enhancing the security posture of the organization while maintaining rapid deployment practices.
Responsibilities
- Integrate security into CI/CD pipelines to ensure secure deployment practices and minimize vulnerabilities.
- Conduct security code reviews to catch bugs and flaws before the deployment phase.
- Manage security measures for containerized services using Docker, Kubernetes, and similar technologies.
- Develop and maintain documentation related to DevSecOps processes and tools.
- Perform security patching as part of the deployment process.
- Monitor security tools in the deployment pipeline and adjust as necessary to improve automation and effectiveness.
- Collaborate to enforce standards and to identify and mitigate security risks.
- Stay current with new technologies and cloud trends, applying them to drive continuous improvement across the organization.
- Assist software development in writing code to remediate vulnerabilities.
Requirements
- Proven experience in DevSecOps and software development with a strong focus on security.
- Strong development background and familiarity with secure software development lifecycle (SDLC) methodologies.
- Knowledge of scripting languages such as Python.
- Experience with tools like GitHub Actions, and familiarity with AWS Cloud platform.
- Proficient in implementing and managing CI/CD pipelines.
- Understanding of containerization and orchestration technologies, including Docker and Kubernetes.
- Excellent problem-solving skills and the ability to think analytically.
- Strong organizational and time management skills, with the ability to prioritize tasks and meet deadlines.
Nice-to-haves
- Experience with infrastructure as code (IaC) using Terraform, Ansible, AWS CDK, or similar.
- Knowledge of Threat Modeling and risk assessment techniques.
- Experience with compliance regulations such as PCI-DSS, SOC2, NIST, etc as they relate to software development and deployment.
- Strong experience with the Ruby and Rust programming languages.
- Strong understanding of encryption, authentication, and access control mechanisms.
Benefits
- Remote-first work environment with flexibility in location.
- Opportunities for professional growth and development.
- Supportive and autonomous work culture with no micromanagement.
- Commitment to diversity and inclusion in the workplace.
