Description

Role

DevSecOps engineers play a critical role in ensuring that security is integrated into every stage of the software development lifecycle. They work closely with software development teams to automate security testing, implement security best practices, and ensure that secure coding standards are followed. They also monitor and respond to security threats, conduct security audits, and constantly strive to improve the security posture of the organization.
To excel in this role, a DevSecOps engineer must have a strong background in software development, cybersecurity, and automation. They must be able to think creatively to anticipate and defend against ever-evolving threats. They must also have excellent communication skills to collaborate effectively with teams across the organization.
Overall, DevSecOps engineers are crucial in helping organizations stay ahead of cyber threats and protect their valuable data and assets. If you have a passion for cybersecurity and a knack for software development, this role might be the perfect fit for you. Join us in our mission to build secure and resilient software that powers the future.

Major Duties and Responsibilities

Design, implement, and maintain secure DevOps practices and processes across the entire software development lifecycle.

Collaborate with development, operations, and security teams to integrate security into every aspect of the software development process.

Develop and maintain automated security testing and monitoring tools to identify vulnerabilities and security issues.

Implement and manage continuous integration and continuous deployment (CI/CD) pipelines with a focus on security best practices.

Conduct security assessments, code reviews, and penetration testing to identify and remediate security vulnerabilities.

Monitor and respond to security incidents, conducting thorough investigations and implementing effective solutions to mitigate risks.

Stay up-to-date with the latest security trends, threats, and technologies to proactively address potential security risks.

Assist in the development and implementation of information security policies, standards, and procedures.

Provide guidance and support to development teams on secure coding practices and security requirements.

Collaborate with stakeholders to ensure compliance with regulatory requirements and industry standards.

Qualifications

Knowledge and Skills

Experience

Two to Five years of similar or related experience, including time spent in preparatory positions.

Education/Certifications/Licenses

A college degree.

Interpersonal Skills

A significant level of trust, credibility and diplomacy is required. In-depth dialogue, conversations and explanations with customers, direct and indirect reports and outside vendors can be of a sensitive and/or highly confidential nature. Communications may involve motivating, influencing, educating and/or advising others on matters of significance. Typically includes subject matter experts as well as first level to middle managers.

Other Skills

Bachelor's degree in Computer Science, Information Security, or related field. Proven experience as a DevSecOps Engineer, Information Security Analyst, or similar role. In-depth knowledge of DevOps principles and practices, including CI/CD pipelines, infrastructure as code, and automation tools (e.g., Jenkins, GitLab, Terraform). Strong understanding of security principles, protocols, and technologies, such as encryption, authentication, and access control. Experience with security testing tools and techniques, such as static analysis, dynamic analysis, and penetration testing. Familiarity with cloud computing platforms (e.g., AWS, Azure, GCP) and their security controls. Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams. Relevant certifications (e.g., CISSP, CEH, AWS Certified Security Specialty) are a plus.

ADA Requirements

Physical Requirements

Is able to bend, sit, and stand in order to perform primarily sedentary work with limited physical exertion and occasional lifting of up to 10 lbs. Must be capable of climbing / descending stairs in an emergency situation. Must be able to operate routine office equipment including computer terminals and keyboards, telephones, copiers, facsimiles, and calculators. Must be able to routinely perform work on computer for an average of 6-8 hours per day, when necessary. Must be able to work extended hours or travel off site whenever required or requested by management. Must be capable of regular, reliable and timely attendance.

Working Conditions

Must be able to routinely perform work indoors in climate-controlled shared work area with minimal noise.

Mental and/or Emotional Requirements

Must be able to perform job functions independently or with limited supervision and work effectively either on own or as part of a team. Must be able to read and carry out various written instructions and follow oral instructions. Must be able to complete basic mathematical calculations, spell accurately, and understand computer basics. Must be able to speak clearly and deliver information in a logical and understandable sequence. Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public. Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace. Must be able to effectively handle multiple, simultaneous, and changing priorities. Must be capable of exercising highest level of discretion on both internal and external confidential matters.