Cybersecurity DevSecOps Engineer
Roles and Responsibilities Requirements:
- The Cybersecurity DevSecOps Engineer is a security-focused engineer dedicated to enhancing the security posture throughout the DOL DevSecOps lifecycle.
- Drive the unification and automation of processes to enable development of software capability across the entire DOL organization, instrumental in combining code, application maintenance, and application management.
- Define, implement, and maintain secure pipelines, promoting a culture of rapid and safe iteration; design and refine scalable and reliable CI/CD processes with a security-first approach.
- Develop and enhance a robust build pipeline, automating secure build/artifact delivery and deployment.
- Use your expertise to identify and mitigate security risks, always prioritizing reasoning and facts.
- Collaborate with the existing team to integrate and improve upon current infrastructure with security best practices.
- Conduct threat modeling and risk assessments, ensuring that potential vulnerabilities are identified and addressed collaboratively.
- Lead and participate in security training and awareness initiatives for the development team.
- Develop and maintain an incident response plan, ensuring preparedness in the event of a security breach.
- Collaborate with other developers to address security concerns at the root and craft lasting solutions.
- Work actively with application development teams, DOL security/ISO, Infrastructure, and other teams to coordinate and optimize the steps that execute within the DevOps ecosystem and bring consistency and security best practices in approach, tools, and standards.

Experience Requirements:
- Bachelor's degree with seven (10) plus years IT development experience (with a minimum of 5 years of experience in DevSecOps practice & tools).
- Experience building DevSecOps services in IaaS/PaaS/SaaS in Cloud (AWS, Azure) environments and a good understanding of their security considerations.
- Familiarity with containerization and orchestration tools like Docker and Kubernetes.
- Experience with Kubernetes, Docker, and/or other cloud orchestration technologies.
- Experience with CI/CD best practices, automated builds and tests, quality gates, software quality, and CI tools, e.g. Jenkins, Ansible, Terraform, etc.
- Experience with configuration management tools, e.g. Git, GitHub, GitLab, Bitbucket, and others.
- Familiarity with branching strategies, gated commits, source-controlled management, etc.
- Familiarity with the principle of DevSecOps; Atlassian JIRA or other defect tracking tool experience.
- Atlassian Confluence, GitLab/GitHub, Jenkins, and artifact repository experience.
- Familiarity with security coding standard best practices, static and dynamic scanning tools, e.g. SonarQube, Fortify, Coverity, PCLint, etc.
- Programming and scripting experience in a UNIX environment (Bash, Shell, PowerShell, Perl, Python, Ruby, Shell Scripts).
- Must have Agile/SAFe and other related developer certifications and/or demonstrate equivalent experience.
- Experience with tools and methodologies for code vulnerability and scanning.