Momento USA is a global technology consulting, talent acquisition and creative development firm that addresses clients most pressing needs and challenges.
We currently looking for DevSecOps Engineer.
Please see the job description below for your reference.
Position : DevSecOps Engineer
Duration: 6 months to 1 year
Pay rate : Market
They need a candidate with a developer mindset and strong security posture who has transitioned to DevSecOps role. Very strong understanding of Containers is a must have along with Scripting skills.
Below is the detailed job description:
The DevSecOps engineer is an advanced role to help support, secure, manage and deploy solutions that support business objectives. The role is highly technical, and candidates must possess a solid understanding of information security, infrastructure, and software. The DevSecOps engineer supports continuous integration and continuous deployment (CI/CD) initiatives and is an integrated team member working with software developers, system engineers, cybersecurity engineers and systems administrators. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security principles and validation at all times.
DevSecOps engineers have a strong work ethic, perform analytical and critical thinking, and are masterful at meeting change requests on demand. In tandem with security and technical leadership, and with multi-disciplinary departments, DevSecOps engineers embody security-first principles, constantly assess the threat landscape, and adapt quickly to manage enterprise risk, as well as integration and deployment requirements.
Essential Job Duties
- Build relationships with developers, stakeholders, and scrum master to incorporate security principles into engineering design and deployments.
- Supervise testing and validation in application security controls across projects.
- Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
- Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads.
- Serve as a point of contact for security-based escalations and remain tightly involved through resolution.
- Simplify automation that applies security inter-workings with CI/CD pipelines.
- Support the ability to "shift left" and incorporate security early on and throughout the development lifecycle.
- Identify vulnerabilities in code through automated and manual assessments and promote quick remediation.
- Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business.
- Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds.
- Join forces and provision security principles in architecture, infrastructure, and code.
- Enrich DevOps architecture with security standards and best practices.
- Perform other duties as assigned.
Skills And Experience
- At least 5+ years' experience in information technology, information security administration or security operations.
- Experience with agile workflows, including Scrum and Kanban.
- Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes).
- Understanding of CloudFormation, Terraform, Ansible and Jenkins.
- Preferably some experience with operations and security across Amazon Web Services (AWS), Microsoft Azure or Oracle Cloud.
- Capable of scripting in Python, Bash, Perl or PowerShell.
- Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC).
- Knowledge of National Institute of Standards (NIST) or International Standards Organization (ISO) requirements.
- 3 years of related cloud experience
- 3-5 years of related security operations experience
- 5+ years of security and systems administration-related experience
Preferably, one or more (or working toward one or more) of the following: CCSP, CISSP, AWS Certified Cloud Practitioner, or additional AWS advanced certifications such as AWS Certified DevOps Engineer.
Sr. Technical Lead
Momento USA | Exceeding Customer Expectations
Email : firstname.lastname@example.org
Momento USA is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.