dice is Hiring a Sr. DevSecOps Engineer - Hybrid - Hyattsville, MD (2X per week onsite) Near Hyattsville, MD
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Spruce Infotech Inc, is seeking the following. Apply via Dice today! DevSecOps EngineerLocation: Hyattsville, MD (2X per week onsite) What you will do:
Support design, implementation, and maintenance of security controls and processes across the SDLC, including code scanning, vulnerability assessment, and security testing.
Create, develop, and implement automation and system integration for various build platforms.
Create plug-and-play/reusable solutions and patterns for CICD pipelines, and build or maintain CICD building blocks and shared libraries proactively for development and deployment efficiency
Publish and disseminate DevSecOps best practices, patterns, and solutions
Monitor and respond to security incidents, conducting root cause analysis and implementing corrective actions to prevent future occurrences.
Design action plans to address CICD platform/tools/solutions' shortcomings and difficulties
Working closely with Cloud Infrastructure and Security teams to ensure organizational best practices are followed
Perform performance analysis and optimization, monitoring and problem resolution, upgrade planning and execution, and process creation and documentation.
Align with technological Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL)
Can function in project leadership roles and represent Vidoori as the prime customer contact on significant technical matters
Experience:
Ten (10) years in engineering, computer science, or related field
Five (5) years of hands-on experience supporting DevSecOps to build and automated software development processes.
Extensive knowledge of institutionalizing Agile and DevSecOps toolkits not limited to but including: Ansible, Jenkins, GitLab, Artifactory, Jira, Terraform, Version Control Software, or comparable technologies.
Familiarity with information security frameworks and standards (SAST, DAST, IAST, RASP)
Familiarity with Threat modeling, Static Analysis Tools, and Risk Assessment Techniques
Strong understanding of cloud computing platforms (e.g., AWS, Azure, Google Cloud Platform) and experience with cloud security best practices.
Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, dynamic environment.