Senior DevSecOps Engineer III

Denver, CO, US

Applications have closed

Description

  • Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle.
  • Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks.
  • Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components.
  • Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure.
  • Monitor and analyze system and application logs to detect and respond to security incidents.
  • Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place.
  • Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
  • Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner.
  • Contribute to the development and maintenance of security policies, procedures, and documentation.

Requirements

  • Active TS/SCI Clearance with CI poly.
  • At least 10 years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle.
  • Expert experience with DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium, Fortify, Acunetix, and Prisma Cloud).
  • Expert experience building DevSecOps solutions at scale across IL5 to IL6+ classification domains
  • Expert understanding of AWS and familiarity with other cloud platforms (e.g., Azure, GCP) and securing cloud-based applications and services.
  • Strong experience with infrastructure as code (IaC) tools such as Terraform, CloudFormation, or Ansible.
  • Strong experience in scripting languages (e.g., Python, Bash) for automation and tool integration.
  • Hands-on experience with security tools for static code analysis, dynamic application security testing (DAST), and vulnerability scanning, using tools such as Fortify, Acunetix, and Prisma Cloud
  • Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
Job stats:  1  0  0

Tags: Ansible Application security Automation AWS Azure Bash CI/CD Clearance Cloud Code analysis Compliance DAST DevOps DevSecOps GCP GitLab IAM Incident response Jenkins NIST OWASP Pentesting Python Scripting SDLC Security assessment Selenium SonarQube Terraform TS/SCI Vulnerabilities

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.