Remote/Onsite?: 3/2 hybrid. 3 onsite, 2 remote
Please have your candidates answer these qualifying questions and add them to the top of the resumes upon submission.
- Please describe your work experience with Coverity
- Please describe your work experience with any scripting/programming language
- Please describe your experience with DevSecOps and implementing security practices in it
Cyber Security Knowledge/experience Required
Coverity tool experience required
Black Duck tool experience highly desired
The worker will set up a framework for programs to run coverage scans.
Must have the ability to write scripts to automate in Python and Powershell
We are seeking a skilled DevSecOps Engineer to join our dynamic team. As a DevSecOps Engineer, you will play a crucial role in ensuring the security and integrity of our software development lifecycle. You will be responsible for implementing and maintaining tools and processes that enable secure and efficient software development practices.
Key Responsibilities
- Implementing Static Analysis Tools: Utilize tools such as Coverity to perform static code analysis, identify potential security vulnerabilities, and ensure code quality.
- Scripting Expertise: Proficiency in scripting languages such as Python, PowerShell, or similar technologies to automate security testing processes and integrate security tools into CI/CD pipelines.
- Integration of Black Duck Hub: Integrate and maintain Black Duck Hub for open source vulnerability management, ensuring compliance with licensing requirements and identifying security risks associated with third-party dependencies.
- DevSecOps Implementation: Collaborate with development, operations, and security teams to integrate security practices into the DevOps workflow, including continuous security testing, code scanning, and vulnerability remediation.
- Security Automation: Design and implement automated security checks and tests throughout the software development lifecycle to identify and mitigate security risks early in the process.
- Incident Response and Remediation: Respond to security incidents promptly, investigate root causes, and implement remediation strategies to prevent future occurrences.
- Documentation and Training: Create and maintain documentation for security processes, tools, and best practices. Provide training and support to development teams on secure coding practices and security tools usage.
Requirement for US Export Control Position
Due to compliance with U.S. export control laws and regulations, the candidate must be a U.S. Person, defined as, a U.S. citizen, a U.S. permanent resident, or have protected status in the U.S. under asylum or refugee status.
#J-18808-Ljbffr