DevSecOps Engineer
Description:
Job Description
The DevSecOps Engineer will execute and participate in the integration of security practices into the development and operations process to ensure continuous delivery of secure and resilient software, as well manage DevSecOps tools and the central CI/CD pipeline. This person will help implement security practices throughout development and operations while implementing automated security testing and risk assessments and deploy scalable applications within DevOps/AWS computing environments. This is an Agile, collaborative, fast-paced environment that promotes cohesion between multiple development, product, cloud, and cloud deployment/DevOps teams. The ideal person will be able participate and lead the technical designing and cloud deployment phases of the Software Development Life Cycle (SDLC).
Duties and Responsibilities:
Meet with technical leadership and executive teams to integrate security practices throughout development and operations while implementing automated security testing/risk assessments.
Deploy and maintain security tooling for monitoring/incident response and ensure compliance with industry standards and regulations.
Collaborate with teams to promote a security-aware culture and respond to incidents effectively in addition to monitoring and assessing the performance of tools / software.
Ensure CI/CD pipelines are in place and build tools / software to enhance end-user experience and integrate with internal systems.
Provide expertise for cyber security technical and non-technical solutions; review and provide guidance enabling business system in the cloud while leveraging Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Software as a Service (SaaS) in a manner that adheres to information security policy and standards.
Deliver a comprehensive DevOps platform that allows other engineering teams to be productive with minimal training in addition to implementing and integrating Cloud oriented CI/CD pipelines and maintaining available platform environments (Terraform automation).
Support Infrastructure as Code (IaC) processes to enable auto provisioning on development teams while profiling and troubleshooting existing solutions and integrations.
Deploy and maintain services around platforms and design and develop back-end microservices and REST APIs for web app architecture while owning, developing and supporting core platforms.
Required Education, Experience & Qualifications:
Bachelor’s degree is required
7+ years’ experience in DevSecOps integrating security practices into the development and operations process (DevOps, CI/CD)
Solid understanding of DevSecOps Architecture
Must be able to integrate security practices throughout development, operations and testing
Deep expertise in usage of Jira, DevSecOps methodologies, including CI/CD, IaC, SRE practices, and security integration
Experience designing for containerized and cloud-native environments (AWS, Azure, GPC)
Understanding of build, deployment & CI/CD tools (Terraform and/or CloudFormation)
Highly Desirable (but not required) Skills include:
Understanding of regulatory compliance standards relevant to financial services (e.g., SOX, NIST, FFIEC, GLBA)
Full-time