DevSecOps Engineer

Our client provides cyber supply chain risk management solutions for critical infrastructure and critical manufacturing. They are one of the largest cybersecurity providers of supply chain risk management and asset vulnerability management solutions in the US. and helps secure over 30% of the US power grid and critical assets, as well as enterprises in other sectors such as Aerospace & Defense, Manufacturing, Telecom, Pharmaceuticals, Transportation, Insurance, and more.
The client teams are experts in the field of cybersecurity who are recognized leaders on industry best practices and processes. They were recognized as one of Orlando’s 2019 Best Places to Work, 2021 Inc 5000 Fastest Growing Companies in the US. Our organization was also recently published in Forbes magazine, among several other publications and recognized for our efforts in securing the U.S. power grid.

The client is looking for a DevSecOps Engineer with hands-on experience across the infrastructure stack in everything from networking, cloud and containerized environments, CI/CD pipelines, Infrastructure as Code (IaC) and monitoring with a focus on information security. You will work in a fast-paced environment utilizing modern Security and DevOps concepts and tools to support a variety of projects and products. This position will be in constant communication and coordination with software architects, security operations teams, project leaders, external customers, and senior management to build and deploy world-class information security solutions.

Responsibilities include:

• Automate the integration of security throughout the entire Software Development Lifecycle via a “security as code” approach
• Work with the security team to create simulated attacks that run in the CI pipeline (DAST)
• Participate in tabletop exercises to identify deficiencies in code and process
• Standardize, develop and maintain common development tools and infrastructure, such as CI/CD pipelines, monitoring, cluster management, config management, etc.
• Contribute to infrastructure, architecture, development, and deployment improvements
• Provide technical guidance and educate team members and coworkers on development and operations
• Monitor relevant systems for availability and performance
• Work with QA team to include Static Application Security Tests (SAST) to the CI pipeline

Minimum Qualifications:

• Extensive experience designing, building, and maintaining appSec pipelines
• BSC/BA in Information Technology, Computer Science or a related discipline
• Experience in CMMI-3 Environments
• Experience building and managing Static and Dynamic Code Scanning pipelines
• Experience working with SIEM and Log Management Systems
• Experience working with Vulnerability management tools (e.g. Tenable, Qualys, Rapid7, etc)
• Experience securing AWS, Azure, and OnPrem Infrastructures
• Experience supporting production, Linux-based infrastructure and administering services on AWS (RDS, VPC, CloudWatch, Cloud Formation, Lambda, API Gateway)
• Experience deploying DevOps technologies such as Kubernetes, Puppet, Salt, Ansible, Jenkins and Terraform
• Experience with layer 7 technologies such as API gateways, proxies, application delivery controllers and web application firewalls.
• Experience with database security and data segmentation practices for secure software apps
• Strong scripting and tooling skillset (Python or Golang)
• Self-motivated, resourcefulness and problem-solving aptitude
• Ability to successfully interface with both internal and external clients

 Preferred Experience:

• Excellent written and verbal communication skills
• Professional documentation, presentation and planning skills
• Excellent time management skills and proven ability to multi-task competing priorities
• SOC, NERC, and other compliance standards knowledge a plus

Benefits:

• Remote and Hybrid working environment
• Competitive pay structure
• Medical, dental, vision plans with employees covered up to 90% with highly progressive options for dependents and families
• Company paid life, short- and long-term disability insurance
• Employee Assistance Program
• 401(k) match
• Paid time off and holiday pay
• Access to thousands of Learning & Development courses that range from mental health and wellbeing, stress, and time management to an array of technical and business-related courses

Employment Perks:

• We provide each employee with professional growth opportunities through succession planning, up-skilling, and certifications
• Tuition and certification reimbursement
• Employee Referral Programs
• Company Sponsored Events