Security Engineer (DevSecOps)
Metropolitan Council - Saint Paul, MN
posted 3 months ago
About the position
The Metropolitan Council is seeking a highly skilled and motivated Azure-focused DevSecOps Engineer to join our Information Services team. This role is crucial in building secure, scalable, and efficient development environments that safeguard sensitive data. As a DevSecOps Engineer, you will be responsible for ensuring that all live data in non-production environments is obfuscated or anonymized, implementing encryption for data at rest and in transit using Azure's encryption services, and enforcing strict access controls with Azure Active Directory (AD) and Azure Monitor. You will also perform regular compliance checks, manage privileged access, and ensure that development environments adhere to PCI-DSS standards, maintaining robust data security and compliance across the organization. In this position, you will architect and implement secure development environments by designing, implementing, and managing secure, scalable development environments on Azure. You will develop and enforce security best practices in the development lifecycle, ensuring compliance with industry standards and regulations by leveraging Azure Policy and Azure Blueprints. Additionally, you will be responsible for developing and maintaining containerization strategies using tools like Docker and Kubernetes within Azure Kubernetes Service (AKS), implementing container security best practices, and automating container deployment and management processes using Azure DevOps and AKS. You will also focus on Infrastructure as Code (IaC) by developing and maintaining IaC using tools like Terraform, Ansible, or Azure Resource Manager (ARM) templates. Collaborating with development and operations teams, you will automate infrastructure provisioning and management on Azure. Furthermore, you will provide developers with secure environments to build and test applications, implement tools and processes that enable secure development without local admin rights, and conduct regular security assessments and audits using Azure Security Center. Your role will also involve ensuring that all live data used in non-production environments is obfuscated or anonymized, implementing data encryption, maintaining strict access controls, and performing regular compliance checks to ensure adherence to data protection regulations and internal policies. You will implement and manage privileged access management (PAM) solutions to control and monitor elevated access rights across the environment, ensuring that development methodologies and environments maintain PCI-DSS compliance.
Responsibilities
- Design, implement, and manage secure, scalable development environments on Azure.
- Develop and enforce security best practices in the development lifecycle, specifically within Azure services.
- Ensure compliance with industry standards and regulations, leveraging Azure Policy and Azure Blueprints.
- Develop and maintain containerization strategies using tools like Docker and Kubernetes within Azure Kubernetes Service (AKS).
- Implement container security best practices, utilizing Azure Security Center and Azure Defender for Containers.
- Automate container deployment and management processes using Azure DevOps and AKS.
- Ensure containers do not run with root or local admin privileges and that minimal permissions are granted.
- Regularly update and patch container images to mitigate vulnerabilities.
- Develop and maintain infrastructure as code using tools like Terraform, Ansible, or Azure Resource Manager (ARM) templates.
- Ensure IaC scripts are secure, scalable, and maintainable, leveraging Azure DevOps for CI/CD pipelines.
- Collaborate with development and operations teams to automate infrastructure provisioning and management on Azure.
- Provide developers with secure environments to build and test applications on Azure.
- Implement tools and processes that enable secure development without local admin rights, using Azure AD and Azure RBAC.
- Conduct regular security assessments and audits using Azure Security Center to ensure a secure development environment.
- Obfuscate live data used in development and testing environments to prevent unauthorized access to sensitive information.
- Use Azure Key Vault and privileged access management (PAM) tools to manage secrets, keys, and certificates securely.
- Ensure all live data used in non-production environments is obfuscated or anonymized to protect sensitive information.
- Implement data encryption at rest and in transit using Azure's encryption services.
- Maintain strict access controls and monitor access to sensitive data, leveraging Azure AD and Azure Monitor.
- Perform regular compliance checks and audits to ensure adherence to data protection regulations and internal policies.
- Implement and manage privileged access management (PAM) solutions to control and monitor elevated access rights across the environment.
Requirements
- Bachelor's degree in Systems Security or related field and 5 years of experience; or an Associate's degree and 7 years of experience; or a high school diploma/GED and 9 years of experience.
- Experience in architecting and implementing secure development environments.
- Experience with container development and orchestration using Docker and Kubernetes.
- Experience with Infrastructure as Code (IaC) tools such as Terraform, Ansible, or Azure Resource Manager (ARM) templates.
- Experience with CI/CD pipelines and tools like Azure DevOps, Jenkins, or GitLab CI.
- Knowledge of security best practices in software development and infrastructure management, particularly within the Azure ecosystem.
- Familiarity with Azure cloud services, including Azure Active Directory, Azure Security Center, and Azure Key Vault.
Nice-to-haves
- Relevant certifications such as Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer, or similar.
- Experience with monitoring and logging tools like Prometheus, Grafana, or ELK Stack.
- Knowledge of compliance frameworks such as GDPR, HIPAA, or PCI-DSS.
- Excellent problem-solving skills and the ability to work independently as well as collaboratively.
- Strong communication skills and the ability to explain complex technical concepts to non-technical stakeholders.
- Ability to work and collaborate with teammates and stakeholders with diverse viewpoints and backgrounds.
Benefits
- Medical insurance
- Dental insurance
- Life insurance
- Vision insurance
- Retirement plan
- Pension
