SUMMARY: The DevSecOps (Development, Security, and Operations) Engineer is
responsible for integrating security practices into the SSDLC. They must
possess a deep understanding of development, security, and operations,
allowing them to design and implement robust security measures
throughout the software development lifecycle. The DevSecOps Engineer
works closely with development and operations teams to automate
security checks, identify vulnerabilities, and establish secure coding
practices. DevSecOps Engineers are also responsible for implementing
continuous integration and continuous deployment (CI/CD) pipelines with
integrated security testing, monitoring, and auditing tools. They will work
closely with both the system administrators and developers to maintain a
secure and reliable system.
ESSENTIAL JOB DUTIES AND RESPONSIBILITIES: Those duties necessary to meet the minimum requirements of the position.
To perform this job successfully, the individual must be able to perform each essential duty satisfactorily. Reasonable accommodation may be
made to enable individuals with disabilities to perform the essential functions. Other duties may be assigned.
- Collaborate with developers and security professionals to implement DevSecOps practices throughout the software development lifecycle (SDLC)
- Design, develop, and implement secure CI/CD pipelines using tools like Jenkins, GitHub/GitLab CI/CD, or AWS CodePipeline
- Conduct security scans and vulnerability assessments for code, containers, and infrastructure
- Develop and implement security best practices for application development, deployment, and operations
- Monitor system health and performance, identify and troubleshoot issues proactively
- Monitor security alerts and events and respond to incidents promptly
- Perform root cause analysis of security incidents and implement preventive measures
- Contribute to the development and maintenance of infrastructure automation scripts
- Write clean and well-documented code for automation tasks (experience with PHP a plus)
- Stay up to date on the latest DevSecOps tools, technologies, and security threats
- Ensure compliance with industry standards and regulations (e.g., NIST CSF, NIST 800-171, NIST 800-53)
- Maintain and improve security policies, procedures, and documentation
BASIC QUALIFICATIONS: The basic qualifications listed below are representative of the relevant knowledge, skills, and/or experience required in order to be hired. These are requirements that we have determined are the minimum a candidate must have in order to be successful in this role.
Formal Education, Licenses, and Certifications Required:
Must possess one or more of the following:
- Bachelor’s degree in Computer Science, Information Technology, or a related field of study
- Associate’s degree in Computer Science, Information Technology, or a related field of study with a minimum of seven (7) years of experience in a DevSecOps role or a similar field with core PHP, PHP with Laravel, and Nginx experience
- High school diploma or equivalent with a minimum of ten (10) years of experience in a DevSecOps role or a similar field with core PHP, PHP with Laravel, and Nginx experience
- Must be a US Person, which is either a US citizen or a permanent resident of the US
Type and Length of Specific Experience Required:
- Minimum of five (5) years of experience in a DevSecOps role or a similar field with core PHP, PHP with Laravel, and Nginx experience
- Experience with CI/CD tools and methodologies
Knowledge and Skills Required:
- Strong understanding of software development principles and best practices
- Working knowledge of Linux systems administration
- Strong understanding of security principles and best practices (OWASP Top 10, etc.)
- Understanding of networking and system security principles
- Excellent problem-solving and analytical skills
- Effective communication and collaboration skills
- Ability to work with minimal management oversight