Job Summary:
The
DevSecOps Engineer is responsible for integrating security practices into the DevOps pipeline. This role involves collaborating with development, operations, and security teams to ensure that security is embedded throughout the software development lifecycle. The DevSecOps Engineer will design, implement, and manage security automation, monitoring, and response strategies to safeguard the organization’s infrastructure and applications. This is a 6 month contract to hire and requires an active Top Secret clearance or higher.
Responsibilities:
- Security Integration:
- Embed security controls, processes, and tools into the DevOps pipeline.
- Ensure that security is an integral part of the CI/CD processes.
- Implement security testing automation (e.g., SAST, DAST, and vulnerability scanning).
- Infrastructure as Code (IaC):
- Develop and maintain secure infrastructure using IaC tools such as Terraform, Ansible, or CloudFormation.
- Conduct security reviews and audits of IaC scripts to identify and mitigate risks.
- Ensure compliance with security best practices and standards.
- Monitoring and Incident Response:
- Implement and manage security monitoring tools to detect and respond to threats.
- Develop automated incident response playbooks to handle security incidents.
- Collaborate with the security team to perform regular threat modeling and risk assessments.
- Continuous Improvement:
- Stay updated with the latest DevSecOps practices, tools, and technologies.
- Identify opportunities to enhance security posture and reduce vulnerabilities.
- Conduct security training and awareness sessions for development and operations teams.
- Collaboration and Communication:
- Work closely with development, operations, and security teams to promote a culture of security.
- Facilitate communication and coordination between all stakeholders to ensure seamless integration of security practices.
- Provide security guidance and support to engineering teams throughout the development lifecycle.
- Compliance and Documentation:
- Ensure compliance with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
- Maintain detailed documentation of security processes, configurations, and incidents.
- Prepare and present security reports and metrics to management.