DevSecOps Engineer

Emprise Corporation is a fast-growing company that has been serving government and commercial clients for over 36 years. We are the industry leader in Predictive Maintenance and Condition Monitoring by offering a wide set of capabilities that allow us to provide premier products and services that help our clients operate more effectively and efficiently. We're looking for a talented DevSecOps Engineer to join our Team in Chesapeake, VA.

Reporting to the CIO, this position will function daily as the liaison between Engineering/Operations, Systems Development, and IT Operations & Security.

Responsibilities:

Testing Environment Setup & Management

Design and create standardized, efficient, and security-focused testing environments, developing and manual and automated testing configurations for internal and external systems.

Provide setup, configuration, and support for various releases of Apache Tomcat, Apache2 & IIS configurations, Multiple Web applications, RDBMS's with various database systems and versions. Understand the configurations and properties of each and the interaction required between application layers.

Support database configuration, administration, and content of databases for internal test platforms to mirror various remote customer sites' configurations.

Provide Full Stack Application support to ensure that all components are configured properly, and interactions are secure, error free and optimized.

Provide setup, configuration, and support for external performance testing events in secure labs. Includes event coordination and execution with customer personnel.

Security & Risk Management

Provide support for Risk Management Framework (RMF), including Boundary Diagrams, Authority to Operate (ATO), and Ports Protocols Services Management (PPSM). Maintain a thorough knowledge of the content within.

Technical Leadership in the creation, deployment, and management of PKI Certificates (DoD, Self-Signed, etc.) for both hardware and software environments.

Maintain awareness of vulnerabilities and security concerns of test and production environments, including internal code and its dependencies. Provide remediation support for issues as required.

Provide input on best practices for Security and Operations in shift-left Development Process

Application & Device Deployment

Perform and support application deployments to remote customer sites using delivery mechanisms such as: Proprietary Remote Transfer, Hard Copy (CD/DVD/etc.), and future WSUS Packages. Application deployments may occasionally require in person visit to a vessel for advanced environment validation or troubleshooting.

Coordinate with responsible internal and third-party agents for packaging and testing software installations, patches and other distributions.

Miscellaneous Day to Day

Create, update, and present product environment configurations and supporting systems

Collect and analyze server and application logs of various types both locally and remotely. Provide recommendations and potential corrective actions when problems are found.

Communicate regularly with internal and customer points of contact (verbal and written). Required Qualifications:

BS in an IT-related field (or equivalent experience) and 7+ years of Systems Integration/Development/Security/Operations experience

Strong fundamentals in full-stack systems integration, network operations, Apache Tomcat and application server skills

Experience in Systems Administration (Windows Server/Active Directory & Linux)

Knowledge of Public Key Infrastructure and various authentication mechanisms

High-level programming and scripting experience such as: Java, Powershell etc.

Experience with SQL at and RDBM concepts and integration

Experience with build/test/release management, general automation, and security processes in CI/CD pipeline

Ability to obtain and maintain a DoD Security Clearance

Strong verbal, written, and communication skills

Ability to occasionally support work onboard maritime vessel pier side Desired Qualifications:

Experience in CMMC2.0, NIST 800-171, Microsoft 365 GCCH, Purview, Azure, Intune

Knowledge of DevSecOps tools such as: git, Jenkins, Nesus, Nexus, Fortify, SIEM's, Black Duck etc.

Experience with Containers and VMs with regard to DevSecOps optimized environments

Experience with cloud platform services

Experience with Linux and in one or more scripting languages (e.g., bash)

Programming experience with Windows installer packages (e.g., NSIS)

Programming experience with Tomcat internals (e.g., Valves/Filters, etc.)

Security configuration and operations experience with OpenSSL and Apache Tomcat tcnative

Security+ Certification