Advisors Asset Management - Herndon, VA
posted 3 months ago
Full-time - Senior
Herndon, VA
Securities, Commodity Contracts, and Other Financial Investments and Related Activities
About the position
The Senior DevSecOps Engineer at Navitas Business Consulting will play a crucial role in integrating security into the development lifecycle. This position involves collaborating with developers, operations engineers, and information security team members to ensure that security measures are implemented from the outset of the development process. The role requires expertise in AWS security, infrastructure security reviews, and the use of various security tools to protect systems and applications.
Responsibilities
- Performing infrastructure security reviews, threat modeling, and risk analysis for systems built on AWS and deployed via infrastructure-as-code tools like AWS CloudFormation
- Implementing and managing security controls within AWS including IAM, VPCs, security groups, WAF, encryption, audit logging, etc.
- Performing static and dynamic analysis on source code using tools like Anchor/Grype, SonarQube, and Syft to catch security issues early
- Integrating security tools like secrets management, SAST, DAST, and dependency scanning into CI/CD pipelines in GitHub Enterprise and AWS Code Pipeline
- Building and configuring hardened Linux server images using tools like Packer that follow security best practices
- Implementing security monitoring and runtime protection for containers and services running on AWS ECS
- Helping define security requirements and compliance controls for regulated workloads built on AWS services like RDS Aurora
- Creating and managing infrastructure security policies as code via tools like Open Policy Agent
- Triaging and resolving security issues, working with developers and ops teams to implement fixes and improvements
- Keeping up to date with the latest cloud security best practices and threats
Requirements
- 5+ years' experience in an information, cloud, or infrastructure security role
- 3+ years mandatory experience in GitHub Actions
- Deep knowledge of AWS security services and features
- Experience with infrastructure-as-code and configuration management tools like Ansible, Terraform, or CloudFormation
- Proficiency in Linux administration and security best practices
- Knowledge of container and orchestrator security (Docker, Kubernetes, ECS)
- Experience with DevSecOps processes and toolchains like GitHub, Jenkins, Code Pipeline, etc.
- Strong scripting/coding ability (Bash, Python, Go, etc.)
- Knowledge of compliance frameworks like PCI, HIPAA, FedRAMP, etc.
