Staff DevSecOps Engineer

Job Description

The Staff DevSecOps Engineer will be responsible for:
• Create, manage, and continuously improve all components, including the agent infrastructure, of 10+ Azure DevOps (AzDO) Pipelines building over 70 images across AWS, Azure, and VMware including over 100 installation modules.
• Ensure all AzDO pipelines are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001, NIST Standards, RMS Information Security Policies, and best practices.
• Follow and continuously improve Secure Development Practices to include a code-first approach, Jira case and comment standardization, feature-based branches with gated testing, and Pull Requests.
• Responsible for defining and implementing the build, deployment, and monitoring standards for internal customers and in support of client-facing products and services.
• Represent and be a part of the Agile development teams to deliver end-to-end automation of hardening, deployment, monitoring, and infrastructure management in a distributed cloud environment.
• Work closely with our software development teams, product, and cloud infrastructure engineers to build and configure delivery environments supporting CI/CD tools using an agile development methodology for static security code analysis, 3rd party component analysis, vulnerability scanning and management platforms.
• Serve as an integral member of our Secure Image Factory: create OS and containers images, harden, and push images to registries.
• Perform code reviews for work submitted by other engineers.
• Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks.
• Develop custom scripts to increase system efficiency and lower the human intervention on any task.
• Install, configure, test, and maintain operating systems, application software, and system management tools.
• Evaluate/help evaluate application and system performance, identify potential bottlenecks, develop solutions, and implement them with the help of partners across development, product, and cloud infrastructure partners.
• Proactively organize system and infrastructure availability and security.
• Lead/support cross-team DevSecOps incident management.
• Ensure applications, databases, networks, systems in the cloud are planned, designed, developed, implemented, and monitored in accordance with security controls related to SOC 2, ISO 27001, NIST Standards, RMS Information Security Policies, and best practices.
• Work closely with the Security Operations Center to develop new data feeds and services for continuous monitoring and detection capabilities, including the writing of data parsers, installation of data connectors and log collectors, and tuning and aggregating multiple security alerting sources.
Qualifications:
• 3 5 + years full time DevOps engineering roles in at least two companies.
• 5 7 + years of relevant collaborative software engineering experience.
• Consultation and collaboration with software development teams.
• Demonstrated proficiency in writing Python, Bash, PowerShell and shell scripts for compilation and deployment processes.
• Demonstrated proficiency in setting up and maintaining CI/CD pipelines using various tools like Azure DevOps, Git, Jenkins, Bamboo, SVN, Packer, Ansible, Terraform Nexus
• Demonstrated proficiency container-based deployments using Kubernetes and Docker (orchestrating, scaling, and management).
• Expertise in creating OS and containers images and pushing images to registries and deploying and maintaining micro services and automation and integration through scripting in PowerShell, Python, Perl, etc. in monthly operations.
• Demonstrated proficiency with debugging on multi-tenant cloud environments.
• Demonstrated proficiency in system hardening techniques for Microsoft Windows, Linux, Mac OSX. Redhat & CentOS.
• Experience in all aspects of Software Development Life Cycle (SDLC) such as Analysis, Planning, Developing, Testing, and implementing and post-production analysis with Agile/Scrum, Waterfall.
• Experience configuring and managing Ansible playbooks with Ansible roles
• Experience with AWS services such as EC2, VPC, AMI, SNS, RDS, EBS, Cloud Watch, CloudFormation, Autoscaling, SNS, EMR, Cloud Front, IAM, S3, Dynamo DB.
• Other cloud: Microsoft Azure and Azure services that mimic those in AWS.
• Experience with the development, deployment, and automation of security solutions in an enterprise cloud-based environment.
• Deep understanding of VPN, PKI, IAM, IPAM and MFA technologies required.
• In-Depth knowledge of TCP/IP addressing and standards including network design, firewall configuration, load balancing, remote access, strong authentication, vulnerability scanning, VPN and DMZ management
• Knowledge of technical security control environments and compliance frameworks including ISO 270001 and SOC 2 is highly desired.
• Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects being executed simultaneously.
• Experience in creating detailed solution design documents & diagrams.
,

Keyskills :
software development life cyclesecurity operations centerequal employment opportunity