Sr Software Engineer (DevSecOps Engineer)

Remote/Onsite?: 3/2 hybrid. 3 onsite, 2 remote

Please have your candidates answer these qualifying questions and add them to the top of the resumes upon submission.

• Please describe your work experience with Coverity
• Please describe your work experience with any scripting/programming language
• Please describe your experience with DevSecOps and implementing security practices in it

Coverity tool experience required

Black Duck tool experience highly desired

The worker will set up a framework for programs to run coverage scans.

Must have the ability to write scripts to automate in Python and Powershell

We are seeking a skilled DevSecOps Engineer to join our dynamic team. As a DevSecOps Engineer, you will play a crucial role in ensuring the security and integrity of our software development lifecycle. You will be responsible for implementing and maintaining tools and processes that enable secure and efficient software development practices.

• Implementing Static Analysis Tools: Utilize tools such as Coverity to perform static code analysis, identify potential security vulnerabilities, and ensure code quality.
• Scripting Expertise: Proficiency in scripting languages such as Python, PowerShell, or similar technologies to automate security testing processes and integrate security tools into CI/CD pipelines.
• Integration of Black Duck Hub: Integrate and maintain Black Duck Hub for open source vulnerability management, ensuring compliance with licensing requirements and identifying security risks associated with third-party dependencies.
• DevSecOps Implementation: Collaborate with development, operations, and security teams to integrate security practices into the DevOps workflow, including continuous security testing, code scanning, and vulnerability remediation.
• Security Automation: Design and implement automated security checks and tests throughout the software development lifecycle to identify and mitigate security risks early in the process.
• Incident Response and Remediation: Respond to security incidents promptly, investigate root causes, and implement remediation strategies to prevent future occurrences.
• Documentation and Training: Create and maintain documentation for security processes, tools, and best practices. Provide training and support to development teams on secure coding practices and security tools usage.

Requirement for US Export Control Position

Due to compliance with U.S. export control laws and regulations, the candidate must be a U.S. Person, defined as, a U.S. citizen, a U.S. permanent resident, or have protected status in the U.S. under asylum or refugee status.