Oct 14
Top Secret/SCI
Unspecified
Unspecified
Wright-Patterson AFB, OH (On-Site/Office)
We are seeking a highly motivated and experienced DevSecOps Engineer to join our dynamic and growing team. In this role, you will be a key contributor in building and maintaining a secure and reliable software development lifecycle. You will collaborate with development, operations, and security teams to automate security practices, integrate security tools into our CI/CD pipeline, and promote a security-conscious culture. You will play a critical role in ensuring the security and integrity of our applications and infrastructure.
Responsibilities:
- Security Automation: Automate security testing, vulnerability scanning, and compliance checks within the CI/CD pipeline.
- Infrastructure as Code (IaC) Security: Securely manage CI infrastructure using IaC principles, ensuring security best practices are implemented from the start.
- Security Tool Integration: Integrate and manage various security tools, including SAST, DAST, SCA, and infrastructure security scanners.
- Incident Response: Participate in security incident response, including investigation, containment, and remediation.
- Compliance and Auditing: Assist with compliance audits (e.g., SOC 2, PCI DSS, HIPAA) by providing evidence and automating compliance checks.
- Security Training and Awareness: Promote security awareness and provide training to development and operations teams.
- Security Monitoring: Implement and maintain security monitoring solutions to detect and respond to security threats.
- Continuous Improvement: Continuously improve security practices and automation, keeping up with the latest security threats and technologies.
- Collaboration: Collaborate effectively with development, operations, and security teams to achieve shared goals.
- Documentation: Create and maintain clear and concise documentation for security procedures and best practices.
- Stay up-to-date: Continuously learn about the latest security trends, tools, and techniques.
Qualifications:
Required:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 5+ years of experience in a DevSecOps or related role.
- Strong understanding of CI/CD pipelines and DevOps principles.
- Experience with containerization tools such as Docker and Podman.
- Experience with scripting languages such as Python, Bash, or Go.
- Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
- Experience with containerization technologies such as Docker and Kubernetes.
- Solid understanding of security principles and best practices.
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration skills.
Preferred:
- Security certifications such as Security+, CSSLP, CISSP, CISM, or CEH.
- Experience with GitLab CI and GitLab Runners.
- Experience with security automation tools such as Ansible or Chef.
- Experience with Infrastructure as Code tools such as Terraform or CloudFormation.
- Experience with cloud platforms such as AWS, Azure, or GCP.
- Experience with security monitoring tools such as SIEM or IDS/IPS.
- Experience with compliance frameworks such as SOC 2, PCI DSS, or HIPAA.
- Experience with container orchestration software such as Kubernetes.
- Experience with threat modeling methodologies.
- Contributions to open-source security projects.
Clearance Requirements:
- Must possess an active DoD Top Secret Clearance with SCI and SAP eligibility.
group id: RTL041421