Param Solutions (11-50 Employees, 9% 2 Yr Employee Growth Rate)
Our client is seeking a DevSecOps engineer to join our growing team which includes server, application and security specialists.
As a DevSecOps engineer, you will provide leadership in the DevSecOps areas of Vulnerability Scanning, Certificate Management, Password Policy Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts. You will assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open source solutions. Additionally, you will assist Application teams to determine infrastructure performance requirements throughout system lifecycles ensuring that SLA and operational performance standards are achieved.
- Develop strategies for application security and security policies, compliance frameworks and DevOps in product development or solution implementation
- Respond to security incidents by conducting incident response activities involving containment to remediation and lessons learned.
- Protect assets spanning across infrastructure, platform, CI/CD pipelines and applications
- Enforce and govern the use of API security, container security and cloud security, while leveraging automation across the lifecycle
- Deploy and administer security monitoring tools (Prometheus, AppDynamics, ELK stack, Splunk, etc.) and perform frequent risk assessments
- Deploy product updates as required while implementing integrations when they arise.
- Automate operational processes as needed, with accuracy and in compliance with our security requirements.
- Specify, document and develop new product features, and write automating scripts.
- Ensure deliverables are completed within target timeframes and are consistently of high-quality, documented and support transition of operational activities
- Design and implement mechanisms that efficiently identify and mitigate security risks within the existing DevOps work streams.
- Establish and ensure appropriate security practices are communicated and implemented. Support adherence and awareness of these practices
- Instill and foster uptake of DevSecOps practices through meaningful engagement with the application teams
- Assist application teams with on boarding to the adopted security tools/technologies; working with vendors to troubleshoot the platform and issues related to such integrations
- Work with teams to bring continuous improvement to DevSecOps processes and tools
- B.S. degree in Computer Science or a similar quantitative field
- Strong experience with Linux-based infrastructures, Linux/Unix administration, and AWS.
- Strong experience with databases such as SQL, Hadoop, Elasticsearch
- Strong experience with containerized orchestration systems and tools including Docker and Kubernetes
- Experience with open-source technologies and cloud services.
- Time and project management skills, with the capability to prioritize and multitask as needed. Experience with project management and workflow tools such as Agile, Jira, Scrum/Kanban, etc.
- Expertise implementing static and dynamic analysis tools, open source scanning tools and integrating security into a CI/CD pipeline at scale
- Capability to prepare security vulnerability and risk management reports for management
- Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
- Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
- 10+ years of experience in a DevSecOps Engineer role (or similar role); experience in software development and infrastructure development is a plus.
- Strong communication skills and ability to explain and document protocol and processes with team and management.
- Responsive and independent decision-making experience with the ability to collaborate across stakeholder groups.
- Stellar troubleshooting skills with the ability to spot issues before they become problems.
- Current with industry trends, IT ops and industry best practices, and ability to identify and recommend solutions.
- Active Top Secret