Unclassified - Pierre, SD
posted 2 months ago
GovCIO is currently hiring for a DevSecOps Engineer to develop and maintain a cloud-based software factory style DevSecOps pipeline and associated tooling. This position is fully remote, allowing for flexibility in work location while contributing to the security and efficiency of software development processes.
The DevSecOps Engineer will play a critical role in embedding security practices within the CI/CD pipelines, ensuring that security is integrated throughout the Software Development Life Cycle (SDLC). This involves collaborating with development, operations, and security teams to implement security controls effectively.
The responsibilities of the DevSecOps Engineer include automating security checks within the CI/CD process to identify and address vulnerabilities early in the development cycle. The engineer will manage and automate infrastructure security configurations using tools such as Terraform and Ansible. Additionally, the role requires implementing and managing security monitoring tools to detect and respond to threats in real-time, as well as working closely with incident response teams to refine incident response plans for quick remediation of security breaches.
Regular vulnerability assessments and penetration testing will be conducted to identify security gaps, and the engineer will track, prioritize, and remediate vulnerabilities in collaboration with relevant teams. Compliance with security standards such as ISO 27001, SOC 2, and GDPR is essential, along with conducting risk assessments and threat modeling to identify potential risks and define mitigation strategies.
Collaboration and communication are key aspects of this role, as the engineer will work closely with cross-functional teams to ensure security is embedded in all stages of product development and operations. The engineer will also maintain detailed documentation of security practices, incidents, and remediation efforts, generating regular reports on the security status of applications and infrastructure for management and stakeholders.
Continuous improvement is a priority, with the engineer expected to stay updated on the latest DevSecOps trends and lead security-focused retrospectives to address gaps in the process.