Randstad - Hollywood, FL
posted about 2 months ago
As a Principal DevSecOps Engineer, you will play a pivotal role in shaping our software development lifecycle by integrating security practices seamlessly into our processes. Your technical expertise and leadership will drive the implementation of robust CI/CD (Continuous Integration and Continuous Deployment) patterns while adhering to industry standards and policies. You'll collaborate with cross-functional teams, ensuring that our applications are secure, reliable, and efficiently deployed.

In this role, you will design and implement secure, scalable solutions to address infrastructure and security requirements. You will champion DevSecOps practices, integrating security seamlessly into the SDLC with tools like SAST/DAST solutions and Infrastructure as Code (IaC) scanning (e.g., Prisma Cloud, SonarQube). Your responsibilities will include identifying and implementing opportunities for pipeline automation and optimization, driving efficiency and speed. You will embrace Infrastructure as Code (IaC) using tools like Terraform and Kubernetes to automate and manage multi-cloud deployments (e.g., AWS, Azure). You will lead the containerization charge, leveraging Docker and Helm 3 for efficient application packaging and deployment. A strong understanding of security concepts, including threat modeling, risk assessment, and vulnerability management, is essential.

You will also implement state-of-the-art artifact management solutions for secure storage and distribution (e.g., Artifactory, Nexus) and maintain robust monitoring solutions (e.g., Prometheus, Grafana) to gain deep insights into application and infrastructure health. Your role will require you to integrate and leverage a SIEM tool (Splunk or similar) to collect, analyze, and correlate security-related data from various sources for advanced threat detection and incident response.
You will foster a collaborative environment, working closely with development, security, and operations teams to ensure seamless software delivery. Staying ahead of the curve by researching and integrating the latest DevSecOps trends and methodologies will be crucial, as will sharing your expertise through internal training and knowledge sharing sessions. You will also be responsible for developing and maintaining clear documentation for DevSecOps processes and tools, ensuring consistency and knowledge transfer, troubleshooting and resolving complex issues within the CI/CD pipeline and cloud deployments, and keeping incident tracking tools updated. A proactive approach to identifying and mitigating security risks is essential, as is championing agile methodologies within the DevSecOps workflow, ensuring continuous integration, delivery, and feedback loops.

This position requires a Bachelor's degree in Computer Science or Information Technology and at least 9 years of experience in DevSecOps principles and practices. You will need a proven track record of designing and implementing secure, automated CI/CD pipelines with modern tools, a deep understanding of Infrastructure as Code (IaC) tools, and familiarity with cloud technologies for cloud DevSecOps.