What are the responsibilities and job description for the DevSecOps Engineer - Lawrenceville, GA (Onsite) position at Netorbit Inc?
Role: DevSecOps Engineer
Location: Lawrenceville, near Atlanta, GA (Onsite)
Duration: Long Term
- Assist with comprehensive security reviews of application architecture, design, and code across various products and platforms for cloud-based architecture.
- Drive the implementation of secure development practices, including threat modeling, security design reviews, and code analysis.
- Lead the adoption and integration of automated security tools (SAST, DAST, IAST) within CI/CD pipelines to enhance continuous security testing.
- Collaborate with product and engineering teams to identify and address security risks, build security into new products, and remediate vulnerabilities.
- Serve as a point of contact for application security incidents, leading root cause analysis, mitigation, and preventive measures.
- Stay ahead of the latest cloud-native, DevOps, GitOps, and security trends, attack techniques, and tools, and apply that knowledge to improve our security posture.
- Provide strategic input into product and engineering roadmaps, ensuring security considerations are embedded in planning and execution.
- Develop and deliver DevSecOps training programs to elevate the DevOps and security maturity of the entire development organization.
- Create runbooks, documents, policies and procedures for managing security solutions and risk areas.
- Create key performance indicators that track the progress and effectiveness of the DevOps and security program.
- Bachelor’s or Master’s degree required in Computer Science, Information Security, or related field (or equivalent experience).
- 5 years of experience in application security or software development.
- Strong experience with containers (Docker, Kubernetes). Experience with other CNCF.io technologies is a plus.
- Strong experience with Azure, AWS, or GCP.
- Knowledge of secure coding practices, OWASP Top 10, SANS Top 25, and common web application vulnerabilities required.
- Proven experience leading security initiatives, including threat modeling, security architecture reviews, and remediation strategies required.
- Deep understanding of automated security testing tools (e.g., SAST, DAST, IAST) and integrating them into DevSecOps pipelines required.
- Strong coding skills in one or more programming languages such as .NET, C#, Java, Python, or JavaScript, with experience identifying and remediating security vulnerabilities preferred.
- Extensive experience securing cloud environments (AWS, Azure, GCP) and familiarity with container security required.
- Preferred: Certified Kubernetes Administrator or Application Developer (CKA or CKAD from CNCF).
- Proficiency in developing and executing security programs that scale across large, distributed environments preferred.
- Experience with DevSecOps and building security automation within CI/CD processes required.
- Contributions to the security community preferred.