DevSecOps Systems Engineer

$135,000 - $155,000/Yr

GovCIO - Juneau, AK

posted 2 months ago

Full-time - Mid Level
Remote - Juneau, AK

About the position

GovCIO is currently hiring for a DevSecOps Engineer to develop and maintain a cloud-based software factory style DSO pipeline and associated tooling. This position is fully remote, allowing for flexibility while ensuring that the engineer can effectively contribute to the security integration within the CI/CD pipelines. The role requires embedding security practices and tools to ensure secure application development and deployment, collaborating with development, operations, and security teams to integrate security controls throughout the Software Development Life Cycle (SDLC).

The responsibilities of the DevSecOps Engineer include automating security checks in the CI/CD process, managing and automating infrastructure security configurations using tools like Terraform and Ansible, and implementing security monitoring tools to detect and respond to threats in real-time. The engineer will also work closely with incident response teams to develop and refine incident response plans, ensuring quick remediation of security breaches. Regular vulnerability assessments and penetration testing will be conducted to identify security gaps, and the engineer will track, prioritize, and remediate vulnerabilities in collaboration with relevant teams.

Compliance with relevant security standards such as ISO 27001, SOC 2, and GDPR is crucial, and the engineer will conduct risk assessments and threat modeling to identify potential risks and define strategies to mitigate them. Collaboration and communication with cross-functional teams are essential to ensure that security is embedded in all stages of product development and operations. The engineer will maintain detailed documentation of security practices, incidents, and remediation efforts, generating regular reports on the security status of applications and infrastructure for management and stakeholders.

Continuous improvement is a key aspect of this role, with the engineer expected to stay up to date with the latest DevSecOps trends, tools, and techniques, leading and participating in security-focused retrospectives to identify and address gaps in the DevSecOps process.

Responsibilities

  • Embed security practices and tools within the CI/CD pipelines to ensure secure application development and deployment.
  • Collaborate with development, operations, and security teams to integrate security controls throughout the SDLC.
  • Automate security checks in the CI/CD process, ensuring that vulnerabilities are identified and addressed early.
  • Manage and automate infrastructure security configurations using tools like Terraform, Ansible, or similar.
  • Implement and manage security monitoring tools and practices across the environment to detect and respond to threats in real-time.
  • Work closely with incident response teams to develop and refine incident response plans, ensuring quick remediation of security breaches.
  • Conduct regular vulnerability assessments and penetration testing to identify security gaps in the infrastructure and applications.
  • Track, prioritize, and remediate vulnerabilities in collaboration with relevant teams.
  • Ensure compliance with relevant security standards (e.g., ISO 27001, SOC 2, GDPR) and corporate policies.
  • Conduct risk assessments and threat modeling to identify potential risks and define strategies to mitigate them.
  • Work closely with cross-functional teams to ensure that security is embedded in all stages of product development and operations.
  • Act as a liaison between security, development, and operations teams to align on goals, processes, and outcomes.
  • Maintain detailed documentation of security practices, incidents, and remediation efforts.
  • Generate regular reports on the security status of applications and infrastructure for management and stakeholders.
  • Stay up to date with the latest DevSecOps trends, tools, and techniques, continuously improving security practices.
  • Lead and participate in security-focused retrospectives to identify and address gaps in the DevSecOps process.

Requirements

  • High School with 10+ years of experience or commensurate experience.
  • Must have or obtain IAT level II certification (i.e., CompTIA Security+(CE)).
  • Demonstrated experience or certifications in Linux and/or AWS GovCloud technologies.

Nice-to-haves

  • Application experience and/or expertise in administering Jira/Confluence, GitLab, Artifactory, JFrog, SonarQube, Burp.
  • Strong interpersonal skills to collaborate with customers and internal cross-functional teams.
  • Experience with virtual and/or cloud-based servers and applications (AWS GovCloud Specific).
  • Excellent technical documentation and reporting skills.
  • Effective written and oral communication skills.
  • Experience working in an Agile environment.
  • Certification(s) in relevant technologies.
  • Active Top Secret clearance.

Benefits

  • Competitive salary range of USD $135,000.00 - USD $155,000.00 per year.
  • Opportunities for professional development and training.
  • Flexible working environment with remote work options.
  • Health insurance and other standard benefits.