Job Description
Location: Herndon, VA – 3 Days/Week
USC with Active Secret Clearance or Higher
Navitas Business Consulting is seeking a Senior DevSecOps Engineer to join our DevSecOps team. In this role, you will work closely with developers, ops engineers, and infosec team members to ensure security is built into our development lifecycle from the start.
Responsibilities:
Performing infrastructure security reviews, threat modeling, and risk analysis for systems built on AWS and deployed via infrastructure-as-code tools like AWS CloudFormation
Implementing and managing security controls within AWS including IAM, VPCs, security groups, WAF, encryption, audit logging, etc.
Performing static and dynamic analysis on source code using tools like Anchore/Grype, SonarQube, and Syft to catch security issues early.
Integrating security tools like secrets management, SAST, DAST, and dependency scanning into CI/CD pipelines in GitHub Enterprise and AWS CodePipeline
Building and configuring hardened Linux server images using tools like Packer that follow security best practices.
Implementing security monitoring and runtime protection for containers and services running on AWS ECS
Helping define security requirements and compliance controls for regulated workloads built on AWS services like RDS Aurora
Creating and managing infrastructure security policies as code via tools like Open Policy Agent
Triaging and resolving security issues, working with developers and ops teams to implement fixes and improvements.
Keeping up to date with the latest cloud security best practices and threats
Required Skills/Experience:
5+ years’ experience in an information, cloud, or infrastructure security role
Deep knowledge of AWS security services and features
Experience with infrastructure-as-code and configuration management tools like Ansible, Terraform, or CloudFormation
Proficiency in Linux administration and security best practices
Knowledge of container and orchestrator security (Docker, Kubernetes, ECS)
Experience with DevSecOps processes and toolchains like GitHub, Jenkins, CodePipeline, etc.
Strong scripting/coding ability (Bash, Python, Go, etc.)
Knowledge of compliance frameworks like PCI, HIPAA, FedRAMP, etc.
Navitas Business Consulting Inc. is an Equal Opportunity Employer with a commitment to diversity. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, sexual orientation, disability status, protected veteran status, or any other characteristic protected by law.