Mount Indie
posted about 2 months ago
Full-time - Mid Level
Administrative and Support Services
About the position
Mount Indie is seeking a Sr. DevSecOps Engineer to enhance their team. This role is pivotal in designing, implementing, and maintaining secure software development and deployment pipelines. The engineer will work closely with various teams to integrate security practices into the development and operations lifecycle, ensuring the delivery of high-quality and secure software solutions.
Responsibilities
- Work across development, operations, and security teams to integrate security practices into the SDLC.
- Provide design, implementation, and maintenance efforts to CI/CD pipelines, incorporating automated security testing, vulnerability scanning, and compliance checks.
- Provide development and support to infrastructure as code (IaC) templates and configurations, ensuring security best practices.
- Conduct security assessments, code reviews, and penetration testing to identify and address vulnerabilities in applications, code, and infrastructure.
- Provide monitoring and analysis of systems and applications logs to detect and respond to security incidents.
- Implement and administer identity and access management (IAM) solutions.
- Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
- Contribute to investigation and mitigation of security incidents in a timely manner.
- Participate in the development and maintenance of security policies, procedures, and documentation.
Requirements
- At least 6 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
- Strong experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
- Strong experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains.
- Experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
- Experience with cloud platforms (e.g., AWS, Azure, GCP) and securing cloud-based applications and services.
- Experience with scripting languages (e.g., Python, Bash) for automation and tool integration.
- Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
- Active TS/SCI Clearance with CI poly.
Nice-to-haves
- Current certifications to meet 8140/8570 standards (e.g. Security+ or above)
- Cloud certifications such as AWS Solutions Architect Associate/Professional, AWS SysOps Administrator, AWS Developer, or AWS DevOps Engineer
- Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes, OpenShift, EKS) and securing containerized applications.
- Experience with low-to-high development models and associated tooling
- Experience with Microsoft Azure or Google Cloud Platform (GCP)
