Position: DevSecOps Engineer
Location: Tampa, FL– 2 days onsite in a week
Contract/ CTH
Responsibilities:
Security Integration:
- Implement and integrate security best practices into the entire software development and deployment lifecycle.
- Collaborate with development and operations teams to embed security controls and automation in all aspects of the software delivery process.
Security Automation:
- Develop and maintain automated security processes, including vulnerability scanning, code analysis, and security testing, to identify and remediate security vulnerabilities.
- Integrate security automation tools into CI/CD pipelines to enable continuous security validation.
Incident Response and Monitoring:
- Work closely with SREs to enhance incident response capabilities and develop automated incident detection and response mechanisms.
- Implement and maintain monitoring solutions for security events and incidents.
Infrastructure Security:
- Conduct security assessments and audits of infrastructure components, identifying and mitigating security risks.
- Implement and manage security controls for cloud platforms (e.g., AWS, Azure) and container orchestration systems (e.g., Kubernetes).
Collaboration with SRE and DevOps Teams
- Collaborate with SRE and DevOps teams to implement security measures in alignment with SRE principles and practices.
- Provide guidance on secure coding practices, secure configuration, and security architecture.
Security Training and Documentation:
- Develop and deliver training programs to educate development and operations teams on security best practices.
- Maintain comprehensive and up-to-date documentation on security policies, procedures, and standards.
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Proven experience as a DevSecOps Engineer or in a similar role.
- Strong understanding of security principles, practices, and technologies.
- Experience with security automation tools, such as Jenkins, GitLab CI, or Travis CI.
- Proficiency in scripting and programming languages (e.g., Python, Bash).
- Familiarity with containerization and orchestration technologies (e.g., Docker, Kubernetes).
- Knowledge of cloud security best practices and experience securing cloud environments.
- Expertise in application security, including code review, penetration testing, and vulnerability management.
- Excellent problem-solving skills and the ability to collaborate effectively with cross-functional teams.