The DevSecOps Engineer at Ren ensures Security is represented throughout the SDLC and our CI/CD pipelines. They are responsible for implementing security tools and automated testing to ensure our application and environment meet compliance requirements. They help identify gaps in our security posture and work to prioritize remediation across teams.
They are an advocate for secure development practices, such as threat modeling, code dependency scanning, framework adherence, and secure IaC deployment. This role is highly collaborative across multiple areas of the business.
Duties & Responsibilities
- Perform code reviews before production releases to safeguard against deploying vulnerable applications
- Manage SAST and DAST platforms and generate reports for stakeholders
- Review reporting related to our Cloud Security Posture and report on compliance issues
- Work with DevOps on scanning IaC to remediate issues before infrastructure is deployed
- Automate security tools in the CI/CD pipeline
- Contribute to monthly Application Vulnerability meetings with stakeholders to align on prioritization and remediation
- Assist with Annual Penetration Testing of internal Applications
- Advise on Secure Cloud practices and runtime environments related to Containers and Kubernetes
- Measure program health against established frameworks to identify gaps
- Grow AppSec program by establishing key partnerships and collaborating across multiple teams
Education & Experience
- 6+ years of experience in a Development or DevOps role required
- 2+ years of experience in a DevSecOps role desired
- Bachelor’s degree in Computer Science, Computer Engineering, or related field required
- Experience with Bitbucket/GitHub, AWS, and Azure required
- Experience with SAST and DAST tools (e.g. Veracode, Snyk, Nexpose, Rapid7)
- Experience with Cloud Security Posture Management tools (CSPM) and Cloud Security best practices
- Experience with tools such as Ansible, Terraform, CloudFormation, Burp Suite, Snyk
- Familiarity with OWASP, MSDL, NIST SSDF or similar Application Security Framework
- Excellent written and communication skills