DevSecOps Engineer
$81,250 - $146,875/Yr
Leidos - Oklahoma City, OK
posted 2 months ago
Full-time
Oklahoma City, OK
Professional, Scientific, and Technical Services
About the position
The DevSecOps Engineer position at Leidos is focused on integrating security practices into the DevOps processes for a significant Air Force weapons system program. This role is essential for embedding security throughout the software development lifecycle, ensuring compliance with relevant standards, and enhancing the security posture of applications. The ideal candidate will have a strong background in DevSecOps practices and a commitment to improving security measures within applications, contributing to a secure and efficient software development environment.
Responsibilities
- Support the integration of security practices into the DevOps pipeline for DoD applications, ensuring compliance with relevant standards.
- Implement and automate security tools and processes within CI/CD workflows to enhance the security posture of applications.
- Conduct vulnerability assessments, penetration testing, and threat modeling to identify and remediate security issues.
- Collaborate with development and operations teams to establish secure coding practices and implement security controls.
- Configure and manage security tools, including static code analysis, dynamic application security testing, and infrastructure as code (IaC) security.
- Participate in incident response activities, monitoring security alerts and incidents, and coordinating with cross-functional teams.
- Mentor junior team members and provide guidance on DevSecOps best practices and tools.
Requirements
- US Citizen with at least a Top Secret clearance
- 4+ Years of Experience and a Bachelor's degree in Computer Science or similar field. Additional Experience may be considered in lieu of degree.
- Three to five years of experience performing or supporting software development activities in a professional capacity.
- Strong understanding of software development paradigms and supporting technologies (e.g. change management & version control, CI/CD, Agile planning tools such as Jira or Gitlab)
- Strong experience with Linux and Windows operating systems, network administration, and networking protocols/functions (e.g., HTTP, HTTPS, SSL/TLS, SMTP, DNS)
- Experience provisioning and managing resources within IaaS/Cloud infrastructures (e.g., Azure, AWS, Google Cloud Platform, etc.)
- Experience with container technologies such as Docker and container orchestration tools like Kubernetes
- Experience with automated provisioning and configuration tools like Terraform, CloudFormation, Chef, Puppet, Ansible or similar technologies
- Excellent problem solving and analysis skills, including the ability to logically create structure and order from unstructured inputs.
- Self-starter that is able to work independently while possessing the communication skills to work effectively with software development teams and customers.
- Excellent interpersonal, verbal and written communication skills.
- Ability to obtain U.S. DoD Secret security clearance.
Nice-to-haves
- Experience with Air Force Life Cycle Management Center programs.
- DoD 8570 IAM Level II certification or higher (e.g. CASP, CISM, CISSP) or DoD 8140 Advanced certifications.
- Intermediate or better cloud certifications such as Microsoft Certified: Azure Solutions Architect Expert or similar certification from another cloud provider.
- Experience with security tools and practices related to DevSecOps (e.g., SAST, DAST, IAST).
- Experience with compliance standards (e.g., OWASP, NIST) and DoD regulations.
- Understanding of Infrastructure as Code (IaC) and security automation.
- Three to five years of experience performing DevSecOps activities in a professional capacity.
- Interest in continuous learning and professional development in cybersecurity and DevOps practices.
Benefits
- Pay Range $81,250.00 - $146,875.00
