Devsecops Engineer

Greetings from Smart IT Frame!

Role: Devsecops Engineer

Location: Hartford, CT(Onsite)

Duration: Contract

What are the top 3 skills required for this role?

1. Azure DevOps with Yaml, Jfrog with X-ray, SonarQ and Az cloud Infra(ARM/Bicep)

2. DevSecOps with AppSec expertise (Azure Native Security tools)

3. Docker, K8, F5 are nice to have.

Job Description:

• Design, implement, and manage security tools and practices within CI/CD pipelines, focusing on reuse, scalability, performance, availability, and security.
• Lead the implementation of cloud-based architectures, networking, and containerization using Infrastructure-as-Code.
• Collaborate with teams to ensure secure software development practices in CI/CD pipelines.
• Create and improve process flows, documentation, and mock-ups to convey technical details.
• Integrate security testing tools (e.g., SAST, DAST, SCA, pen testing) into CI/CD workflows.
• Monitor and respond to security incidents and vulnerabilities promptly.
• Develop and maintain security policies, procedures, and documentation.
• Automate security processes to improve efficiency and reduce manual intervention.
• Partner with AppSec Expert to conduct and automate regular security assessments and audits, ensuring compliance with industry standards.
• Provide training and support on DevSecOps practices, enabling development teams to adopt and implement them.
• Utilize Azure DevOps for CI/CD pipeline management and automation.
• Develop self-service capabilities to enhance team productivity and autonomy.
• Identify and measure the benefits and business value of DevSecOps improvements.
• Present innovative solutions and ideas across all levels, working as both a leader and contributor.
• Identify gaps and propose modernization opportunities in the SDLC.
• Debug and troubleshoot issues with CI/CD pipelines.
• Create and maintain dashboards and reports to monitor security metrics and CI/CD performance.

Requirements:

• Proven experience as a DevSecOps Engineer or in a similar role.
• Strong knowledge of security tools (Jfrog xray, GitHub advanced security) and practices (e.g., OWASP, NIST).
• Experience with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps).
• Proficiency in Azure cloud services and infrastructure.
• Familiarity with containerization and orchestration tools (e.g., Docker, Kubernetes).
• Strong scripting skills (e.g., PowerShell, Bash, BICEPS, ARM, YAML).
• Excellent problem-solving and analytical skills.
• Strong communication and collaboration skills
• Team Size: 3-5
• Reports to: Client Manage
• Key Deliverables: CI CD & SecOps implementation across the business.