IT Concepts • Posted 21 days ago
Full-time • Senior
Hybrid • McLean, VA
Professional, Scientific, and Technical Services

About the position

Kentro is hiring a skilled DevSecOps Lead to join our team. The successful candidate will be a dynamic leader who will drive the implementation of DevSecOps practices across the organization, mentoring and empowering engineering teams to adopt best practices. They will excel in defining comprehensive strategies, automating workflows, and ensuring secure, efficient, and scalable infrastructure through collaboration, continuous learning, and strong security and compliance oversight.

Responsibilities

  • Lead the implementation of DevSecOps practices across the organization.
  • Mentor DevSecOps engineers, providing guidance, support, and professional development opportunities.
  • Foster a culture of collaboration, knowledge sharing, and continuous learning.
  • Define a comprehensive DevSecOps strategy that aligns with the company's security and business objectives.
  • Champion the adoption of automation tools and processes to enhance efficiency and security.
  • Establish and enforce best practices across the software development lifecycle (SDLC).
  • Monitor system performance and troubleshoot issues.
  • Perform system upgrades and maintenance tasks.
  • Automate infrastructure tasks using scripting languages (e.g., Python, Bash) and automation tools (e.g., AWS CDK, AWS Lambda, Terraform).
  • Lead the full adoption of CI/CD, leveraging technologies such as GitHub Actions, Jenkins, AWS CodeDeploy, CodePipeline, and CodeBuild.
  • Design and build ETL data pipelines for data processing and analysis, utilizing AWS native tools and visualization platforms such as Tableau.
  • Optimize system performance and resource utilization, implementing cost-effective and efficient infrastructure solutions.
  • Design and implement automated testing frameworks to ensure software quality and performance throughout the CI/CD pipeline.
  • Manage and enforce software versioning control (via GitHub and AWS CodeCommit) to ensure seamless collaboration and version integrity across development efforts.
  • Leverage configuration management tools to automate infrastructure provisioning and configuration.
  • Drive the adoption of containerization technologies (e.g., ECS, EKS, Docker, Kubernetes) for efficient, portable application deployments.
  • Utilize virtualization technologies to create scalable, isolated environments for development and testing.
  • Design and implement automated security testing, vulnerability scanning (SAST & DAST), and compliance checks.
  • Continuously monitor applications and cloud services for security vulnerabilities and compliance risks.
  • Develop incident response plans for security incidents.
  • Perform threat modeling and risk assessments to identify and mitigate potential security issues.
  • Conduct post-mortem analysis to identify root causes and improve security posture.
  • Work closely with engineers, data scientists, and solutions architects.
  • Provide training and guidance to the development teams on secure coding practices and security tools.
  • Communicate effectively with stakeholders on security risks and mitigation strategies.
  • Develop account management governance policies to ensure secure user access, role-based permissions, and compliance with industry standards across cloud and on-premise environments.
  • Maintain documentation, conduct audits, and stay updated on trends, vulnerabilities, and regulatory requirements.

Requirements

  • Bachelor's degree in Computer Science, Engineering, or a related field. A master's degree in a relevant field is preferred.
  • 7+ years of progressive experience in DevSecOps, DevOps, or a related role within a technical environment, including experience leading and mentoring DevSecOps engineers.
  • Demonstrated experience in designing, implementing, and managing CI/CD pipelines and automated testing frameworks.
  • Proven expertise in automating infrastructure and security tasks in cloud environments.
  • Extensive experience with cloud platforms (e.g., AWS, Azure) and their security best practices.
  • Proficiency in scripting languages (Python, Bash) and automation tools (e.g., Jenkins, GitHub Actions).
  • Skilled in infrastructure deployment and management using IaC tools (e.g., AWS CloudFormation, Terraform).
  • Proficient in automating infrastructure tasks with AWS services (e.g., AWS CDK, AWS Systems Manager, Lambda Functions, EventBridge).
  • Experience with containerization technologies (e.g., Amazon ECS and EKS) and their secure integration into CI/CD pipelines.
  • Ability to design and implement automated testing frameworks for CI/CD pipeline quality and performance, including unit, smoke, and regression testing.
  • Expertise in automated security testing, vulnerability scanning, and continuous monitoring for security and compliance (e.g., AWS Inspector, AWS GuardDuty, AWS Security Hub, SonarQube).
  • Familiarity with web technologies (e.g., HTTP, REST, API security) and database management (e.g., MySQL, PostgreSQL, MongoDB) to ensure data security and integrity in cloud and hybrid environments.
  • Knowledge of account management governance, user access control, and regulatory compliance across cloud/on-prem environments, leveraging tools (e.g., AWS IAM, AWS Organizations, AWS Artifact).
  • Skilled in version control (e.g., Git) and configuration management (e.g., AWS OpsWorks, AWS Systems Manager).
  • Experience optimizing system performance and resource utilization using cloud services (e.g., EC2, S3, Auto Scaling).
  • Excellent analytical, problem-solving, and troubleshooting abilities.
  • Ability to work collaboratively in a team-oriented environment and drive initiatives to completion.
  • Proactive approach to identifying and addressing security challenges.

Nice-to-haves

  • Familiarity with software development methodologies (e.g., Agile, Waterfall).
  • Experience utilizing virtualization technologies (e.g., VMware, Hyper-V).
  • Experience implementing web application security (e.g., WAF, AWS Shield) and database security practices (e.g., encryption, IAM for RDS, Aurora, and DynamoDB).
  • Experience in developing incident response plans, performing threat modeling, and conducting post-mortem analysis using AWS CloudTrail, AWS Config, and AWS CloudWatch.
  • AWS certifications (e.g., DevOps Engineer, Solutions Architect).
  • Knowledge of the requirements of compliance frameworks such as NIST 800-53 and CMMC 2.0.

Benefits

  • Competitive benefits package including paid time off.
  • Healthcare benefits.
  • Supplemental benefits.
  • 401k including an employer match.
  • Discount perks.
  • Rewards.
  • Education reimbursement for certifications, degrees, or professional development.
  • Flexibility for professional growth and networking.
  • Fun activities - virtual and in-person.
  • Charity galas/events.