Information Security Analyst 3 (DevSecOps)

About the position

We have an exciting opportunity to join us in supporting one of our valued customers as an Information Security Analyst 3 (DevSecOps) to work out of Colorado Springs, CO. This is a hybrid position with a salary range of $115,000 - $150,000. The Information Security Analyst 3 (DevSecOps) will support the Modeling and Simulation (M&S) software developers in the furtherance of FedRAMP Impact Level packages and ATC/ATO matters. The candidate will design, implement, operate, and monitor SecOps solutions using tools such as AWS GuardDuty, CloudTrail, and CloudWatch; Prometheus; Grafana; Jaeger; Elastic/ELK Stack (kubewatch; fluentd; Static Code Analysis tools; third party dependency vulnerability scanners; authentication proxies; firewalls; TLS encryption; role based access control; vulnerability scanners; and patch and configuration management tools while restricting access to sensitive components such as nodes, etcd, Kubelet, Kubernetes Dashboard, and API servers. Critical to this effort, the candidate should be able to identify possible attack vectors, vulnerabilities, and proper configurations to mitigate risk to an acceptable level. The candidate will support developers in DevSecOps design, implementation, and maintenance operations to include securing Kubernetes hosts, control planes, pods, and workloads. Work with developers to ensure the Continuous Integration/ Continuous Development (CI/CD) pipeline automates security scanning and reporting to ensure secure coding practices are being followed; such as securing container images, passing vulnerability and quality scanners when code is checked into source code repositories, and adhering to role-based access control policies.