GovCIO - Juneau, AK
posted 2 months ago
GovCIO is currently hiring for a DevSecOps Engineer to develop and maintain a cloud-based, software-factory-style DSO pipeline and associated tooling. This position is fully remote, allowing for flexibility while ensuring that the engineer can effectively contribute to the security integration within the CI/CD pipelines. The role requires embedding security practices and tools to ensure secure application development and deployment, collaborating with development, operations, and security teams to integrate security controls throughout the Software Development Life Cycle (SDLC).
The responsibilities of the DevSecOps Engineer include automating security checks in the CI/CD process, managing and automating infrastructure security configurations using tools like Terraform and Ansible, and implementing security monitoring tools to detect and respond to threats in real time. The engineer will also work closely with incident response teams to develop and refine incident response plans, ensuring quick remediation of security breaches. Regular vulnerability assessments and penetration testing will be conducted to identify security gaps, and the engineer will track, prioritize, and remediate vulnerabilities in collaboration with relevant teams.
Compliance with relevant security standards such as ISO 27001, SOC 2, and GDPR is crucial, and the engineer will conduct risk assessments and threat modeling to identify potential risks and define strategies to mitigate them. Collaboration and communication with cross-functional teams are essential to ensure that security is embedded in all stages of product development and operations. The engineer will maintain detailed documentation of security practices, incidents, and remediation efforts, generating regular reports on the security status of applications and infrastructure for management and stakeholders.
Continuous improvement is a key aspect of this role, with the engineer expected to stay up to date with the latest DevSecOps trends, tools, and techniques, leading and participating in security-focused retrospectives to identify and address gaps in the DevSecOps process.