Senior DevSecOps Engineer
Location: Onsite - Local to Hyattsville MD
US Citizen eligible for a public trust
Requirements:
- 10+ years of total experience
- 5+ years of DevSecOps experience
- Must have experience with GitLab
What you will do:
- Support design, implementation, and maintenance of security controls and processes across the SDLC, including code scanning, vulnerability assessment, and security testing.
- Create, develop, and implement automation and system integration for various build platforms.
- Create plug-and-play/reusable solutions and patterns for CICD pipelines, and build or maintain CICD building blocks and shared libraries proactively for development and deployment efficiency
- Publish and disseminate DevSecOps best practices, patterns, and solutions
- Monitor and respond to security incidents, conducting root cause analysis and implementing corrective actions to prevent future occurrences.
- Design action plans to address CICD platform/tools/solutions' shortcomings and difficulties
- Working closely with Cloud Infrastructure and Security teams to ensure organizational best practices are followed
- Perform performance analysis and optimization, monitoring and problem resolution, upgrade planning and execution, and process creation and documentation.
- Align with technological Systems/Software Development Life Cycle (SDLC) processes and industry-standard service management principles (such as ITIL)
- Can function in project leadership roles and represent Vidoori as the prime customer contact on significant technical matters
Experience:
- Minimum ten (10) years in engineering, computer science, or related field
- Minimum five (5) years of hands-on experience supporting DevSecOps to build and automated software development processes.
- Extensive knowledge of institutionalizing Agile and DevSecOps toolkits not limited to but including: Ansible, Jenkins, GitLab, Artifactory, Jira, Terraform, Version Control Software, or comparable technologies.
- Familiarity with information security frameworks and standards (SAST, DAST, IAST, RASP)
- Familiarity with Threat modeling, Static Analysis Tools, and Risk Assessment Techniques
- Strong understanding of cloud computing platforms (e.g., AWS, Azure, GCP) and experience with cloud security best practices.
- Excellent communication and collaboration skills, with the ability to work effectively in a fast-paced, dynamic environment.
- Hands on source code management tools like Git.