DevSecOps Engineer
We are
A software services company that plan, design and develop complex systems and products for startups, enterprises and government organizations operating in the fields of cyber security, business intelligence and homeland security.
About the position
We are seeking an experienced DevOps Engineer with an inclination for Security to join our company. As a DevSecOps Engineer, you will be responsible for designing and implementing DevOps processes and tools, and ensuring the reliability, scalability and security of our software infrastructure. You will work closely with our development and operations teams to build and deploy high-quality software products and services.
Responsibilities:
- Develop and implement DevOps processes and tools to automate and streamline our software development and deployment workflows.
- Design, develop and maintain our software infrastructure using DevOps best practices including both cloud-based and on-premise infrastructure.
- Build and maintain our continuous integration and deployment (CI/CD) pipelines using technologies such as Jenkins, AWS CodePipeline, or Github Actions.
- Ensure the reliability and scalability of our systems by monitoring and improving system performance using tools such as Prometheus, Grafana, or Datadog.
- Work closely with our development and operations teams to troubleshoot issues and identify areas for improvement.
- Implement DevSecOps practices and integrate security into the development pipeline - Static Application Security Testing (SAST), Software Composition Analysis (SCA) and Infrastructure as Code (IaC) scanning.
- Strengthen the infrastructure & application security and implement solutions for secrets management (e.g. Hashicorp Vault), identity and access management (e.g. Keycloak, AWS IAM), infrastructure access management (e.g. Hashicorp Boundary).
- Stay up to date with the latest DevOps tools and technologies and share knowledge with the team.
- Perform security architecture and design reviews. Review network architecture, identity and access management, encryption, application security, integration with third parties, and ensure integration of relevant controls.
- Define security standards and best practices for system/product development. This includes establishing coding guidelines and secure design patterns.
- Perform penetration testing for sensitive projects to identify and address potential vulnerabilities.
- Strong communication skills with the ability to deliver security and DevOps training sessions and effectively communicate security and DevOps concepts to cross-functional teams.
Qualifications
- 2+ years of experience in DevOps or related fields.
- Excellent communication skills and ability to work in a team environment.
- Strong knowledge of DevOps best practices, including continuous integration and deployment (CI/CD), configuration management, and infrastructure as code.
- 1+ years of experience with containers and container orchestration/management tools (Vanilla Kubernetes, Openshift, EKS/AKS, Docker, ArgoCD, etc).
- Experience with IaC/CCA solutions (Ansible, Terraform - Must).
- Security related certification (e.g. CompTIA Security+, Certified Ethical Hacker - CEH, ISC2 Certified in Cybersecurity - CC, etc) - advantage.
- Previous experience of integrating code scanning tools and libraries into development projects, contributing to DevSecOps workflows (SAST, SCA, IAST, container scanning, infrastructure as code scanning) - advantage.
- Ability to participate in Security Design Reviews, assessing network architecture, encryption, and authentication protocols.
- Proficiency in at least one programming language (JS/Python/Go). Experience in conducting code reviews.
- Experience with Penetration Testing - advantage.
We offer opportunities for professional development and career growth. If you are a highly motivated and skilled DevSecOps professional and are looking for a challenging and rewarding career opportunity, we want to hear from you!
Sounds like you?