Innovative Defense Technologies (IDT) - Arlington, VA

posted 2 months ago

Full-time
Arlington, VA
Professional, Scientific, and Technical Services

About the position

Innovative Defense Technologies (IDT) is seeking a skilled and driven DevSecOps Engineer to join our dynamic team in Arlington, VA. This position is crucial for ensuring the highest level of security and efficiency in our software products' development and deployment processes. The successful candidate will work closely with senior leadership and a fast-paced team of mission-focused engineers to tackle some of our customers' toughest challenges. The role requires a unique blend of skills from development, security, and operations domains, contributing to the creation of a high-quality and innovative Secured Software Supply Chain (S3C). This supply chain will provide IDT engineering teams with the necessary tools and environments to foster innovation while reducing friction in building and testing software products. The DevSecOps Engineer will engage in various tasks throughout the year, focusing on improving the stability of the S3C and addressing critical business needs as they arise. All team members will contribute to overarching goals while bringing their specific areas of expertise to the table. It is essential for all applicants to currently possess an active U.S. Security Clearance.

Responsibilities

  • Develop and maintain automation for provisioning and updating the S3C stack and Kubernetes-based deployments.
  • Develop and maintain automated security testing processes, including static code analysis, static application security testing (SAST), software composition analysis (SCA), and security scanning for containers and infrastructure.
  • Integrate security checks at various stages of the CI/CD pipelines to ensure that security assessments are performed automatically during code build, testing, and deployment.
  • Implement security controls and best practices for cloud infrastructure, virtual machines, and container environments to safeguard against unauthorized access and data breaches in the S3C.
  • Identify, prioritize, and remediate security vulnerabilities across the development and testing environments, coordinating with developers and operations teams to address critical issues promptly.
  • Work with internal Cyber/Compliance/SecOps groups to ensure that software and infrastructure meet relevant security compliance standards and regulations, such as DISA STIGs.
  • Manage access controls and permissions for users and applications, employing principles like least privilege and role-based access control (RBAC).
  • Foster a culture of collaboration and shared responsibility for security by working closely with development, security, and operations teams.
  • Continuously evaluate and enhance DevSecOps practices, tools, and processes to adapt to evolving security threats and industry best practices.

Requirements

  • Minimum 5 years' experience in DevOps/DevSecOps or full stack software development and testing.
  • B.S. in a software engineering field.
  • Experience with containerization technologies like Podman and Docker.
  • Experience with virtualization (hypervisor) environments such as VMware.
  • Experience with Linux and Windows.
  • Experience in software development processes, version control systems (e.g., Git), and coding/scripting languages such as Python, Ruby, JavaScript, Shell scripting, etc.
  • Experience working with software development tools such as Jenkins, Maven, Gradle, Nexus, etc.
  • Working knowledge of Dev[Sec]Ops and CI/CD practices.
  • Familiarity with Infrastructure as Code (IaC) and automation tools such as Ansible or Puppet.
  • Familiarity with various security concepts, vulnerabilities, and best practices.
  • Ability to travel approximately 10%.

Nice-to-haves

  • Experience in DevSecOps and CI/CD.
  • Experience with Infrastructure as Code (IaC) and automation software such as Ansible or Puppet.
  • Experience with security testing tools such as SAST, DAST, SCA, and other vulnerability scanning tools.
  • Familiarity with container orchestration platforms like Kubernetes.
  • Familiarity with common security threats and how to mitigate them, as well as security frameworks and standards like OWASP and NIST.
  • Familiarity with industry-specific security compliance standards and regulations, such as DISA.
  • Familiarity with network security concepts, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS).
  • Knowledge of authentication mechanisms (e.g., OAuth, SAML) and authorization protocols (e.g., RBAC, ABAC).