GPS - DevSecOps Cloud Engineer - Supervising Associate

From strategy to the Government & Public Sector (GPS) practice of Ernst & Young LLP provides a full range of consulting and audit services to help our Federal State Local and Education clients implement new ideas to help achieve their mission outcomes. We deliver real change and measurable results through our diverse highperforming teams quality work at the highest professional standards operational knowhow from across our global organization and creative and bold ideas that drive innovation. We enable our government clients to achieve their mission of protecting the nation and serving the people; increasing public safety; improving healthcare for our military veterans and citizens; delivering essential public services; and helping those in need. EY is ready to help our government build a better working world.

Our GPS Technology Organization is a structure within the US GPS practice that implements and maintains a new operate and technology model designed specifically to support U.S. defense and Government engagements.

The opportunity

The DevSecOps role primarily focuses on integrating security practices into the DevOps process ensuring that security is an integral part of the software development lifecycle. In short a DevSecOps professional ensures security as code becomes a seamless part of the software development lifecycle balancing speed reliability and safety.

Your key responsibilities

• Create develop and implement solutions to address infrastructure and security requirements
• Ensuring applications and systems comply with CMMC and FedRAMP security standards.
• Generating audit reports and maintaining compliance documentation.
• Identify the needs for build automation designing and implementing CICD solutions
• Consult on DevSecOps requirements from diverse application/line of business partners
• Publish and disseminate CICD best practices patterns and solutions
• Design action plans in partnership with the DEVOPS team to address CICD platform/tools/solutions shortcomings and difficulties and secure design. Design implement and manage CI/CD pipelines with integrated security checks and automated testing. Ensure that security is embedded at every stage of the software development lifecycle
• Actively participate in bridge calls with team members and contractors/vendors to prevent or quickly address problems
• Troubleshoot identify and fix problems in the DevSecOps domain
• Ensure incident tracking tools are updated in accordance with established norms and processes gather all essential data and document any discoveries and concerns
• Identify management concerns and problems assess them and offer prompt solutions and/or escalation
• Align with technological Systems/Software Development Life Cycle (SDLC) processes and industrystandard service management principles (such as ITIL)
• Collaborate with development operations and security teams to promote and enforce secure software development practices. Provide guidance on secure coding standards and practices
• Automated Security Testing: Work with the DEVOPS team to implement automated security testing tools and processes including static code analysis dynamic application security testing (DAST) and software composition analysis (SCA)
• Collaborate with the DEVOPS team to ensure the security of containerized applications by implementing best practices for container security including image scanning runtime protection and secure orchestration

Skills and attributes for success

• Comprehensive technical expertise in a variety of DevSecOps toolkits including Ansible Jenkins Artifactory Jira Black Duck Terraform Git/Version Control Software or comparable technologies
• Familiarity with information security frameworks and standards
• Knowledge of DevOps Automation (TerraFrom GitHub GitHub Actions)
• Knowledge of Prisma cloud SIEM SOC Nesus Crowd strike or similar services
• Familiarity with API Security Container Security AWS Cloud Security
• Knowledge of PCIDSS HIPPA SOX GDPR and CCPA Standards and Policies and the associated certification and audit processes
• Familiarity with Amazon AWS policy configuration and security management tools
• Experience with security automation and machine learning
• Proven capacity for thinking leadership and a highly creative problemsolver
• Excellent analytical and interpersonal skills

To qualify for the role you must have

• Bachelors degree in computer science Information Technology or a related field or relevant experience
• Minimum of 5 years of experience in DevOps security or cloud engineering roles
• Ability to express technical information clearly at different organizational levels

Ideally youll also have

• Masters degree preferred
• Experience working in a high clearance government environment is highly desirable
• Experience with Web Application Firewall Engineering is highly desirable
• One of the below certifications:
  • CISM CISSP or other Security Certifications
  • Auditing and Compliance Certifications such as CISA PCIISA and PCIP
  • DevSecOps Foundation
  • DevSecOps Practitioner
  • XIN DevSecOps Manager
  • GIAC Cloud Security Automation (GCSA)
  • Certified DevSecOps Engineer (CDSOE)
  • Certified DevSecOps Professional (CDP)
  • DevSecOps Engineering (DSOE)
  • Certified Ethical Hacker (CEH)

• Continuous learning: Youll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: Well provide the tools and flexibility so you can make a meaningful impact your way.
• Transformative leadership: Well give you the insights coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: Youll be embraced for who you are and empowered to use your voice to help others find theirs.