Company:
Mount Indie
Location: Washington
Closing Date: 21/10/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Mount Indie is in search of a Sr. DevSecOps Engineer to join our dynamic team. As a DevSecOps Engineer, you will play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines. You will collaborate with cross-functional teams to integrate security practices seamlessly into the development and operations lifecycle, ensuring the delivery of high-quality, secure, and reliable software solutions.
Responsibilities:
- Work across development, operations, and security teams to integrate security practices into the SDLC.
- Provide design, implementation, and maintenance efforts to CI/CD pipelines, incorporating automated security testing, vulnerability scanning, and compliance checks.
- Provide development and support to infrastructure as code (IaC) templates and configurations, ensuring security best practices.
- Conduct security assessments, code reviews, and penetration testing to identify and address vulnerabilities in applications, code, and infrastructure.
- Provide monitoring and analysis of systems and applications logs to detect and respond to security incidents.
- Implement and administer identity and access management (IAM) solutions.
- Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
- Contribute to investigation and mitigation of security incidents in a timely manner.
- Participate in the development and maintenance of security policies, procedures, and documentation.
- At least 10 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
- Expert experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
- Expert experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains
- Expert understanding of AWS and familiarity with other cloud platforms (e.g., Azure, GCP) and securing cloud-based applications and services.
- Strong experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
- Strong experience in scripting languages (e.g., Python, Bash) for automation and tool integration.
- Hands-on experience with security tools for static code analysis, dynamic application security testing (DAST), and vulnerability scanning, using tools such as Fortify, Acunetix, and Prisma Cloud
- Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
- Active TS/SCI Clearance with CI poly
- Current certifications to meet 8140/8570 standards (e.g. Security+ or above)
- Understanding of containerization and orchestration technologies (e.g., Docker, Kubernetes, OpenShift, EKS) and securing containerized applications.
- Cloud certifications such as AWS Solutions Architect Associate/Professional, AWS SysOps Administrator, AWS Developer, or AWS DevOps Engineer
- Experience with low-to-high development models and associated tooling
- Experience with Microsoft Azure or Google Cloud Platform (GCP).
Share this job
Mount Indie
Useful Links