Msm Technology - Quantico, VA
posted about 2 months ago
Full-time - Senior
Quantico, VA
Professional, Scientific, and Technical Services
About the position
The Senior DevSecOps Engineer III role at MSM Technology LLC focuses on integrating security practices into the software development lifecycle. This position involves designing and maintaining CI/CD pipelines, developing infrastructure as code, conducting security assessments, and collaborating with various teams to ensure secure coding practices and incident response activities.
Responsibilities
- Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
- Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks.
- Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components.
- Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure.
- Monitor and analyze system and application logs to detect and respond to security incidents.
- Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place.
- Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
- Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner.
- Contribute to the development and maintenance of security policies, procedures, and documentation.
Requirements
- Experience in integrating security practices into the software development lifecycle.
- Proficiency in designing and maintaining CI/CD pipelines with automated security testing and compliance checks.
- Knowledge of infrastructure as code (IaC) and security best practices for cloud resources.
- Experience in conducting security assessments, code reviews, and penetration testing.
- Ability to monitor and analyze system and application logs for security incidents.
- Experience with identity and access management (IAM) solutions.
- Strong collaboration skills with software engineers on secure coding practices.
- Experience in incident response activities and security policy development.
