DevSecOps Engineer at GVA Partners

About the Role

This position offers a great opportunity for career growth in a dynamic environment. You will work with Developers, DevOps, and Engineering teams to promote and implement the DevSecOps program throughout the organization.

Responsibilities

• Coordinate and perform vulnerability assessments using automated and manual tools (Tenable, NMAP, etc.)
• Review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications, and determine any reported vulnerabilities that are false positives
• Prepare security vulnerability and risk management reports for management
• Configure, implement, and leverage computer security and networking diagnostic/monitoring tools
• Work with APIs and Plugins to integrate security tools into established CI/CD pipelines
• Implement secure automation solutions for all environments
• Provide deployment capability to deliver products to point of need, including multiple cloud-based solutions
• Incorporate best practices to increase the quality and velocity of deployments
• Implement security best practices and configuration management
• Increase system performance with a focus on high availability and scalability
• Employ infrastructure as code paradigm to increase automation, scalability, and reliability
• Perform technology watch related to industry trends, best practices, and emerging developments

Requirements

• Bachelor's Degree in Computer Science, Information Technology, or a related field
• Minimum of 5 years' experience in relevant role
• Demonstrated CI/CD solution development, preferably using GitLab
• Experience with Docker, Kubernetes, HSMs, Terraform, and Ansible
• Scripting experience in Bash and Python
• Ability to work under pressure during production failure issues
• Leadership and teaming skills to coordinate remediation of vulnerabilities within established timeframes
• Familiarity with Information Security frameworks/standards (e.g., CIS, NIST, RFC2196)