Job Title: DevSecOps Engineer
Location: Phoenix, AZ
- Cyber Security knowledge/experience required
- Coverity tool experience required
- Black Duck tool experience highly desired
- Worker will be setting up a framework for programs to run Coverity scans.
- Must have the ability to write automation scripts in Python and PowerShell
We are seeking a skilled DevSecOps Engineer to join our dynamic team. As a DevSecOps Engineer, you will play a crucial role in ensuring the security and integrity of our software development lifecycle. You will be responsible for implementing and maintaining tools and processes that enable secure and efficient software development practices.
Key Responsibilities
Implementing Static Analysis Tools: Utilize tools such as Coverity to perform static code analysis, identify potential security vulnerabilities, and ensure code quality.
Scripting Expertise: Proficiency in scripting languages such as Python, PowerShell, or similar technologies to automate security testing processes and integrate security tools into CI/CD pipelines.
Integration of Black Duck Hub: Integrate and maintain Black Duck Hub for open-source vulnerability management, ensuring compliance with licensing requirements and identifying security risks associated with third-party dependencies.
DevSecOps Implementation: Collaborate with development, operations, and security teams to integrate security practices into the DevOps workflow, including continuous security testing, code scanning, and vulnerability remediation.
Security Automation: Design and implement automated security checks and tests throughout the software development lifecycle to identify and mitigate security risks early in the process.
Incident Response and Remediation: Respond to security incidents promptly, investigate root causes, and implement remediation strategies to prevent future occurrences.
Documentation and Training: Create and maintain documentation for security processes, tools, and best practices. Provide training and support to development teams on secure coding practices and security tool usage.