DevSecOps Engineer

Modern Technology Solutions Inc•Bath Township, OH

About The Position

Security Automation: Automate security testing, vulnerability scanning, and compliance checks within the CI/CD pipeline. Infrastructure as Code (IaC) Security: Securely manage CI infrastructure using IaC principles, ensuring security best practices are implemented from the start. Security Tool Integration: Integrate and manage various security tools, including SAST, DAST, SCA, and infrastructure security scanners. Incident Response: Participate in security incident response, including investigation, containment, and remediation. Compliance and Auditing: Assist with compliance audits (e.g., SOC 2, PCI DSS, HIPAA) by providing evidence and automating compliance checks. Security Training and Awareness: Promote security awareness and provide training to development and operations teams. Security Monitoring: Implement and maintain security monitoring solutions to detect and respond to security threats. Continuous Improvement: Continuously improve security practices and automation, keeping up with the latest security threats and technologies. Collaboration: Collaborate effectively with development, operations, and security teams to achieve shared goals. Documentation: Create and maintain clear and concise documentation for security procedures and best practices. Stay up-to-date: Continuously learn about the latest security trends, tools, and techniques.

Requirements

Bachelor's degree in Computer Science, Information Security, or a related field.
5+ years of experience in a DevSecOps or related role.
Strong understanding of CI/CD pipelines and DevOps principles.
Experience with containerization tools such as Docker and Podman.
Experience with scripting languages such as Python, Bash, or Go.
Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
Experience with containerization technologies such as Docker and Kubernetes.
Solid understanding of security principles and best practices.
Strong analytical and problem-solving skills.
Excellent communication and collaboration skills.
Security certifications such as Security+, CSSLP, CISSP, CISM, or CEH.
Experience with GitLab CI and GitLab Runners.
Experience with security automation tools such as Ansible or Chef.
Experience with Infrastructure as Code tools such as Terraform or CloudFormation.
Experience with cloud platforms such as AWS, Azure, or GCP.
Experience with security monitoring tools such as SIEM or IDS/IPS.
Experience with compliance frameworks such as SOC 2, PCI DSS, or HIPAA.
Experience with container orchestration software such as Kubernetes.
Experience with threat modeling methodologies.
Contributions to open-source security projects.
Must possess an active DoD Top Secret Clearance with SCI and SAP eligibility.

Responsibilities

Automate security testing, vulnerability scanning, and compliance checks within the CI/CD pipeline.
Securely manage CI infrastructure using IaC principles, ensuring security best practices are implemented from the start.
Integrate and manage various security tools, including SAST, DAST, SCA, and infrastructure security scanners.
Participate in security incident response, including investigation, containment, and remediation.
Assist with compliance audits (e.g., SOC 2, PCI DSS, HIPAA) by providing evidence and automating compliance checks.
Promote security awareness and provide training to development and operations teams.
Implement and maintain security monitoring solutions to detect and respond to security threats.
Continuously improve security practices and automation, keeping up with the latest security threats and technologies.
Collaborate effectively with development, operations, and security teams to achieve shared goals.
Create and maintain clear and concise documentation for security procedures and best practices.
Continuously learn about the latest security trends, tools, and techniques.