DevSecOps ENGINEER

About The Position

Requirements

• Must have a bachelor's degree in Computer Science or related engineering or scientific field of study from an accredited college or university.
• Must have Secret security clearance and be able to obtain Top Secret/SCI
• Must have IAT level II baseline certification
• Must have Computing Environment (CE) certification
• Must have a minimum of two (2) years of experience, of which at least one (1) must be specialized experience including cybersecurity analysis and implementation of cybersecurity technical controls
• Must have strong experience in C# and .NET programming languages.
• Must understand heterogeneous information systems and networking technologies
• Must understand information system ports, protocols and services
• Must understand interface standards specifications and information system programming techniques, best practices and standards
• Must have and maintain an appropriate DoDI 8570.01-M (Information Assurance Workforce Improvement Program) certification for the appointed duty level
• Must have experience with tools like Azure DevOps, GitLab, SonarQube, SonaType, BurpSuite professional and AWS GovCloud.
• Must be proficient with Containerized deployments of applications using AWS EKS, Helm Charts, or other containerization platforms.
• Must have knowledge of scripting languages such as PowerShell.
• Must be proficient in creating containerized applications.

Nice To Haves

• Experience with PowerShell or other scripting languages
• Experience with Amazon Web Services (AWS) architectures and security
• Experience with secure container deployments and setting up and configuring containerized environments.
• Strong communication skills specifically when interacting with Cybersecurity teams and development teams.
• Ability to configure and maintain automated pipelines within DevOps environments.
• Develop automated capabilities.
• Ability to Implement DevSecOps compliance standards set forth by the Army.

Responsibilities

• Manage security measures for containerized services using Docker, Kubernetes, and similar technologies.
• Develop and maintain documentation related to DevSecOps processes and tools.
• Monitor security tools in the development pipeline and adjust as necessary to improve automation and effectiveness.
• Collaborate with developers to enforce standards and to identify and mitigate security risks.
• Integrate security tools into CI/CD pipelines to ensure secure deployment practices and minimize vulnerabilities.
• Secure system configurations and install security tools, scan systems to determine compliance and report results and evaluate products and various aspects of system administration.
• Conduct security program audits and develop solutions to mitigate risks.
• Evaluate, develop and enhance security assessment capabilities.
• Perform vulnerability assessments including development of risk mitigation strategies.
• Applies science and/or engineering techniques to develop cybersecurity controls for information system, network and/or application design
• Ensure cybersecurity controls are effectively implemented early in the system design and engineering process to enable the technology to be used at the minimal acceptable level of risk
• Serve as a cybersecurity technical expert that participates in critical system development review meetings as part of the acquisition life cycle
• Promote the design and development of secure interface specifications between interconnected systems and develop interface control documentation
• Conduct analysis of and documents ports, protocols and services used in information systems and/or networks
• Design, develop, integrate, and update system security measures (including polices and requirements) that provide confidentiality, integrity, availability authentication, and non-repudiation of information systems, networks, components, and/or applications that are consistent with technical specifications
• Conduct analysis of requirements for cross domain solutions, test cross domain solutions and make implementation recommendations
• Analyze and resolve cybersecurity technical problems
• Configure testbeds and conduct testing, record and analyze results, and provide recommendations for improvements for the products/systems under test
• Identify threats and vulnerabilities, develop risk analyses, risk assessment documentation, and researches and develop countermeasures to those threats and vulnerabilities
• Promote secure engineering techniques, principles, architectures, and designs within the organization and with external stakeholders
• Techniques for doing so include, but are not limited to, authoring white papers, creating and delivering presentations, and participating/leading working groups or integrated product teams