DevSecOps Systems Engineer

$135,000 - $155,000/Yr

Unclassified - Pierre, SD

posted 2 months ago

Full-time
Remote - Pierre, SD

About the position

GovCIO is currently hiring for a DevSecOps Engineer to develop and maintain a cloud-based software factory style DevSecOps pipeline and associated tooling. This position is fully remote, allowing for flexibility in work location while contributing to the security and efficiency of software development processes. The DevSecOps Engineer will play a critical role in embedding security practices within the CI/CD pipelines, ensuring that security is integrated throughout the Software Development Life Cycle (SDLC). This involves collaborating with development, operations, and security teams to implement security controls effectively.

The responsibilities of the DevSecOps Engineer include automating security checks within the CI/CD process to identify and address vulnerabilities early in the development cycle. The engineer will manage and automate infrastructure security configurations using tools such as Terraform and Ansible. Additionally, the role requires implementing and managing security monitoring tools to detect and respond to threats in real-time, as well as working closely with incident response teams to refine incident response plans for quick remediation of security breaches. Regular vulnerability assessments and penetration testing will be conducted to identify security gaps, and the engineer will track, prioritize, and remediate vulnerabilities in collaboration with relevant teams. Compliance with security standards such as ISO 27001, SOC 2, and GDPR is essential, along with conducting risk assessments and threat modeling to identify potential risks and define mitigation strategies.

Collaboration and communication are key aspects of this role, as the engineer will work closely with cross-functional teams to ensure security is embedded in all stages of product development and operations. The engineer will also maintain detailed documentation of security practices, incidents, and remediation efforts, generating regular reports on the security status of applications and infrastructure for management and stakeholders. Continuous improvement is a priority, with the engineer expected to stay updated on the latest DevSecOps trends and lead security-focused retrospectives to address gaps in the process.

Responsibilities

  • Embed security practices and tools within the CI/CD pipelines to ensure secure application development and deployment.
  • Collaborate with development, operations, and security teams to integrate security controls throughout the SDLC.
  • Automate security checks in the CI/CD process, ensuring that vulnerabilities are identified and addressed early.
  • Manage and automate infrastructure security configurations using tools like Terraform, Ansible, or similar.
  • Implement and manage security monitoring tools and practices across the environment to detect and respond to threats in real-time.
  • Work closely with incident response teams to develop and refine incident response plans, ensuring quick remediation of security breaches.
  • Conduct regular vulnerability assessments and penetration testing to identify security gaps in the infrastructure and applications.
  • Track, prioritize, and remediate vulnerabilities in collaboration with relevant teams.
  • Ensure compliance with relevant security standards (e.g., ISO 27001, SOC 2, GDPR) and corporate policies.
  • Conduct risk assessments and threat modeling to identify potential risks and define strategies to mitigate them.
  • Work closely with cross-functional teams to ensure that security is embedded in all stages of product development and operations.
  • Act as a liaison between security, development, and operations teams to align on goals, processes, and outcomes.
  • Maintain detailed documentation of security practices, incidents, and remediation efforts.
  • Generate regular reports on the security status of applications and infrastructure for management and stakeholders.
  • Stay up to date with the latest DevSecOps trends, tools, and techniques, continuously improving security practices.
  • Lead and participate in security-focused retrospectives to identify and address gaps in the DevSecOps process.

Requirements

  • High School diploma with 10+ years of relevant experience or commensurate experience.
  • Must have or obtain IAT level II certification (i.e., CompTIA Security+(CE)).
  • Demonstrated experience or certifications in Linux and/or AWS GovCloud technologies.

Nice-to-haves

  • Application experience and/or expertise in administering Jira/Confluence, GitLab, Artifactory, JFrog, SonarQube, and Burp.
  • Strong interpersonal skills to collaborate with customers and internal cross-functional teams.
  • Experience with virtual and/or cloud-based servers and applications (AWS GovCloud Specific).
  • Excellent technical documentation and reporting skills.
  • Effective written and oral communication skills.
  • Experience working in an Agile environment.
  • Certification(s) in relevant technologies.
  • Active Top Secret clearance.