DevSecOps Engineer
About The Position
The DevSecOps Engineer, of the Security Operations and Compliance subfamily of the IS and Compliance job family, is responsible for the organization's information security, compliance, and risk management programs to safeguard internal company data and the data of our clients. The Security Operations and Compliance subfamily is responsible for the management of the company's information security policies, processes, and toolsets; vendor risk management in terms of their information security practices; audit; and compliance with internal security policies, government regulations, vendor security requirements, and customer security requirements. The DevSecOps Engineer will review and assess the security of applications and infrastructure within the products' development stage. The professional level 2 role will provide expertise and best practices to address application development security concerns. The role will oversee the management and remediation of identified security flaws within DevOps processes.
Requirements
- Ability to determine a course of action based on guidelines and modifies processes and methods as required
- Ability to exercise judgment within defined procedures and practices to determine appropriate action
- Ability to build productive internal/external working relationships to resolve mutual problems by collaborating on procedures or transactions
- Bachelor’s degree and 2-4 years of related experience or equivalent work experience
- Ability to build productive internal/external working relationships to resolve mutual problems by collaborating on procedures or transactions
- 3+ years of experience in software engineering/software development, including Web apps and technologies
- 1+ years of hands-on experience in implementing/maintaining CI/CD, security, and data pipelines
- Experience in languages such as Python, C+, Java, Powershell, and Understanding of modern web technologies and relationships between them
- 1+ years of experience using SSH including managing and upgrading software and systems via SSH
- Understanding of Linux, NGINX, DNS, Docker, TLS, GitLab, Artifactory
- Knowledge of the Linux command line, patch management, and related information security functions (authentication, encryption, SSL, etc.)
Responsibilities
- Assist in user issues while working with SR. DevSecOps Engineer
- Assist in designing, building, and testing scripts in native and tool-dependent languages for continuous integration, continuous delivery pipeline to limit manual testing and troubleshooting
- Follow the direction for the development of an automated framework for Security Tool deployment and development, leveraging various scripting languages and open-source solutions
- Use Security-as-Code principles, build templates to automate security vulnerabilities, and suggest and implement proper alternatives
- Maintain interfaces with outside systems, analyze downtimes, analyze proposed system modifications, upgrades, and identification of new commercial off-the-shelf software
- Follow necessary monitoring, auditing, and reporting frameworks that produce artifacts supporting security and compliance needs
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
501-1,000 employees
