Yulista - Huntsville, AL
posted about 2 months ago
Full-time - Mid Level
Huntsville, AL
Transportation Equipment Manufacturing
About the position
StraitSys Inc is seeking a DevSecOps Engineer with AWS experience to support the Federal Bureau of Investigation (FBI). This role focuses on enhancing the software development lifecycle through the design and implementation of CI/CD patterns while adhering to industry standards. The engineer will collaborate with various divisions to provide build solutions, document processes, and maintain DevSecOps platforms, significantly impacting the team's engineering and maintenance efforts.
Responsibilities
- Create, develop, and implement solutions to address infrastructure and security requirements.
- Identify the needs for build automation, designing, and implementing CI/CD solutions.
- Consult on DevSecOps requirements from diverse application/line of business partners.
- Create plug-and-play/reusable solutions and patterns for CI/CD pipelines.
- Create, develop, and implement automation and system integration for various build platforms.
- Publish and disseminate CI/CD best practices, patterns, and solutions.
- Ensure that the service's uptime and response time SLAs/OLAs are met or surpassed.
- Build or maintain CI/CD building blocks and shared libraries proactively for app and development teams to enable quicker build and deployment.
- Design action plans to address CICD platform/tools/solutions' shortcomings and difficulties.
- Actively participate with team members and contractors/vendors to prevent or quickly address problems.
- Troubleshoot, identify, and fix problems in the DevSecOps domain.
- Ensure incident tracking tools are updated in accordance with established norms and processes, gather all essential data and document any discoveries and concerns.
- Identify management concerns and problems, assess them, and offer prompt solutions and/or escalation.
- Align with technological Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL).
- Create and publish engineering platforms and solutions.
Requirements
- Comprehensive technical expertise in a variety of DevSecOps toolkits, including Ansible, Jenkins, Artifactory, Jira, Black Duck, Terraform, Git/Version Control Software, or comparable technologies.
- Familiarity with information security frameworks and standards.
- Knowledge of DevOps Automation (TerraFrom, GitLab, GitHub, GitHub Actions).
- Knowledge of Prisma cloud, SIEM, SOC, Nesus, Crowd strike or similar services.
- Familiarity with API Security, Container Security, AWS Cloud Security.
- Familiarity with Amazon AWS policy, configuration, and security management tools.
- Proven capacity for thinking leadership and a highly creative problem-solver.
- Excellent analytical and interpersonal skills.
- Ability to express technical information clearly at different organizational levels.
- Knowledge of PCI-DSS, HIPPA, SOX, GDPR, and CCPA Standards and Policies and the associated certification and audit processes.
- CISM, CISSP or other Security Certifications.
- Auditing and Compliance Certifications such as CISA, PCI-ISA, and PCIP.
- Experience with infrastructure as code (IaC) tools (Puppet, Ansible, AWS CloudFormation or equivalent).
- Strong understanding of cloud computing platforms (AWS, Azure) and infrastructure services.
- Demonstrated experience using AWS to include S3, EC2, SNS, SQS, and Lambda.
- Experience with PowerShell or other scripting languages like Bash.
- Experience with aws-cli (and other container images) as it relates to automation within CI/CD pipelines.
- Experience with industry standard Static Code Analysis (SCA) tools such as SonarQube, Nexus IQ Server, Fortify, JFrog Artifactory.
Nice-to-haves
- Experience with additional DevSecOps tools and technologies not listed in the requirements.
- Familiarity with Agile methodologies and practices.
- Experience in a federal or government contracting environment.
Benefits
- Competitive salary and benefits package.
- Opportunities for professional development and training.
- Supportive work environment with a focus on diversity and inclusion.
