Contract Early Practitioner – Fundamentals of DevSecOps

Alchemy is seeking a qualified Early Practitioner with applied, real-world experience in Fundamentals of DevSecOps to participate in a skills assessment validation engagement. This is a short-term, contract, remote engagement in which the Early Practitioner will complete a practitioner-level skills assessment and a brief post-assessment survey. This role does not involve teaching, instructional design, content creation, or ongoing advisory responsibilities. Engagement Details Engagement Type: Contract / 1099 – Short-term engagement Location: Remote Estimated Item Count: ~75 Estimated Time to Completion: Approximately 1–2 hours Assessment Window: Work must be completed within a defined access window (typically 5 business days once access is granted) Scope of Work Complete a practitioner-level skills assessment used for validation and standard-setting purposes. Complete a short post-assessment survey providing feedback on the assessment experience. This role does not include: • Teaching or facilitation responsibilities • Instructional or curriculum design work • Content authoring or SME review of materials • Ongoing advisory or consulting responsibilities Required Expertise The Early Practitioner should be a current practitioner with applied, real-world experience related to the following knowledge areas and skills: • Explain the core components and methodologies of DevSecOps • Summarize the DevSecOps manifesto and when a DevSecOps approach is appropriate • Compare DevOps and DevSecOps and define DevSecOps roles and responsibilities • Classify milestones within the DevSecOps maturity model • Explain DevSecOps requirements across the OWASP SDLC phases (Plan, Code, Build, Test, Release, Operate) • Apply Security Governance with DevSecOps including compliance as code • Explain and demonstrate how Threat Modeling is implemented as part of DevSecOps • Understand STRIDE methodology and continuous threat modeling approaches • Perform automated vulnerability scans using tools like OWASP ZAP, nikto, and trivy • Integrate automated security testing tools into CI/CD pipelines • Compare static and dynamic code analysis approaches • Use automated git hooks and linters for code quality and security checks • Scan third-party libraries for known vulnerabilities using dependency checking tools • Prevent secrets from being committed to source control • Analyze situations to optimize logging, monitoring, and alerting for security • Define monitoring and alerting response strategies for automated incident response • Use Security Metrics for Continuous Security Improvement Ideal Candidate Profile Active practitioner with hands-on experience in Fundamentals of DevSecOps or closely related domains. Practical, working knowledge of how the concepts listed above are applied in real professional settings. Does not need to be an academic researcher or industry thought leader — applied experience is what matters. Deliverables Completed skills assessment within the defined access window. Completed post-assessment survey. Compensation This is a flat-fee engagement, paid upon successful completion of the assessment and survey.