DevSecOps Systems Engineer IV

Invictus - Alexandria, VA

posted 4 months ago

Full-time - Mid Level
Alexandria, VA
Administrative and Support Services

About the position

The DevSecOps Systems Engineer IV position is a critical role that involves supporting systems development, testing, deployment, configuration management, and application installations within commercial cloud environments. This role is essential for ensuring the security and efficiency of operations across various security fabrics, including Secret and TS/SCI regions. The engineer will work with both traditional cloud services such as VPC, EC2, S3, NSG, and RDS, as well as modern cloud services that include serverless architectures, data science applications, DevOps tools, and API services. In this position, the engineer will design, develop, and maintain pipelines that facilitate and securely automate the software systems development life cycle. A key responsibility will be to ensure the automation of software build, transfer, deployment, testing, and scanning capabilities through the use of government-provided software pipeline tools and commercially available resources. The role also emphasizes security integration, requiring the engineer to integrate security tools, standards, and processes into the product lifecycle effectively. The engineer will need to have a strong background in automation, specifically in developing and maintaining CI/CD pipelines for code deployment and infrastructure changes. Collaboration with the development team is crucial, as the engineer will engage in threat modeling to identify potential security threats and implement appropriate security measures. Regular security assessments, penetration testing, and code reviews will be part of the responsibilities to ensure that applications meet security standards. Additionally, the engineer will participate in incident response and troubleshooting efforts, providing expertise and support, and building SOAR Playbooks for remediation. Familiarity with compliance standards and regulations is also necessary to ensure that all operations adhere to the latest security requirements.

Responsibilities

  • Support systems development, testing, deployment, configuration management, and application installations within commercial cloud environments.
  • Design, develop and maintain pipelines to facilitate and securely automate the software systems development life cycle.
  • Ensure the automation of software build, transfer, deploy, test and scan capabilities through the use of government provided software pipeline tools and commercially available resources.
  • Integrate security tools, standards, and processes into the product lifecycle.
  • Develop and maintain CI/CD pipelines for code deployment and infrastructure changes.
  • Collaborate with the development team to identify potential security threats and implement appropriate security measures.
  • Conduct regular security assessments, penetration testing, and code reviews to identify vulnerabilities and ensure the application meets security standards.
  • Participate in incident response and troubleshooting efforts as needed, providing expertise and support, building SOAR Playbooks for remediation.
  • Ensure compliance with the latest security standards and regulations.

Requirements

  • Bachelor's degree from an accredited institute in an area applicable to the position; an additional 4 years of experience may be substituted in lieu of a degree.
  • Minimum of eight (8) years of directly related software experience in addition to education level; minimum five (5) years of experience with software development and operations; at least three (3) years of experience using OpenShift, Kubernetes, Docker, and public cloud.
  • Extensive hands-on experience with cloud architecture, services, migration and security to include AWS-C2S.
  • Experience with pipeline tools such as Ansible, Jenkins, GitLab/GitHub and Artifactory.
  • Experience with container scanning/security tools, static and dynamic application security testing tools, Continuous Integration/Continuous Delivery (CI/CD) processes, and API integration.
  • High-level understanding of multi-security domain operations.
  • Must possess current DoD 8570 IAT/IAM II certification and a current system-specific certification (e.g. Microsoft, Cisco, Juniper, Linux, Unix, AWS, Tableau, Splunk).
  • Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service