Senior DevSecOps Engineer

Background Information:Innovative Defense Technologies (IDT), provider of automated software testing, data analysis, and cybersecurity solutions for complex, mission-critical systems in the US Department of Defense (DOD), is seeking a Senior DevSecOps Engineer to be based in our Mt Laurel, NJ office. This individual will work with senior leadership and a fast-paced team of mission-focused engineers to solve some of our customer’s toughest challenges. Leadership, initiative, creativity, reliability, and efficient teamwork will be required to successfully deliver innovative solutions in this dynamic customer space.  Overview: At IDT, we are committed to delivering cutting-edge defense solutions that protect and empower our nation's security. As a leading provider of advanced technologies, we strive to stay ahead in an ever-changing landscape. We are seeking a highly skilled and experienced Senior DevSecOps (Development, Security, and Operations) Engineer to join our dynamic team and ensure the highest level of security and efficiency in our software products’ development and deployment processes. This job requires a unique blend of advanced skills from development, security, and operations domains. The successful candidate will contribute to building a high-quality and innovative Secured Software Supply Chain (S3C) that provides IDT engineering teams with the tools and environments that foster innovation for our customers by reducing the friction in building and testing our software products and enabling feedback throughout the software development life cycle. As a senior member of the IDT DevSecOps team, you will engage in various tasks throughout the year. Objective Key Results (OKRs) are planned out for the year, with the focus being on improving areas like stability of the S3C and reducing/removing constraints for engineers in producing secure, quality products. Ad-hoc tasks come in ranging from a need to shift OKR priorities due to critical business needs to recovering from a server power failure. As a Senior DevSecOps Engineer, you will not only contribute to the overarching goals but also provide mentorship to other members of the team, bringing your specific areas of expertise to elevate the team’s performance. All applicants must currently possess an active U.S. Security Clearance. Responsibilities Include:  

• Infrastructure as Code (IaC): Contribute to the development and maintenance of automation for provisioning and updating the S3C stack and Kubernetes-based deployments. 
• Security Automation: Develop and maintain advanced automated security testing processes, including static code analysis, static application security testing (SAST), software composition analysis (SCA), and security scanning for containers and infrastructure. 
• CI/CD Pipeline Security: Integrate security checks at various stages of the CI/CD pipelines to ensure that security assessments are performed automatically during code build, testing, and deployment. 
• Infrastructure Security: Implement advanced security controls and best practices for cloud infrastructure, virtual machines, and container environments to safeguard against unauthorized access and data breaches in the S3C. 
• Vulnerability Management: Identify, prioritize, and remediate security vulnerabilities across the development and testing environments. This includes coordinating with developers and operations teams to address critical issues promptly. 
• Security Compliance: Collaborate with internal Cyber/Compliance/SECOPs groups to ensure that software and infrastructure meet relevant security compliance standards and regulations, such as DISA STIGs. 
• Identity and Access Management (IAM): Manage access controls and permissions for users and applications, employing principles like least privilege and role-based access control (RBAC). 
• Continuous Improvement: Continuously evaluate and enhance our DevSecOps practices, tools, and processes to adapt to evolving security threats and industry best practices. 

Minimum Required Qualifications:

• Minimum 10 years of experience in DevOps/DevSecOps or full-stack software development and test. 
• B.S. in a software engineering field. 

Required Skills:

• Proven experience with containerization technologies like podman and Docker. 
• Strong experience with virtualization (hypervisor) environments such as VMware. 
• Advanced proficiency in Linux and Windows. 
• Extensive experience in software development processes, version control systems (e.g., Git), and coding and scripting languages such as Python, Ruby, JavaScript, Shell scripting, etc. 
• In-depth experience working with software development tools such as Jenkins, Maven, Gradle, Nexus, etc. 
• Strong working knowledge of Dev[Sec]Ops and CI/CD practices. 
• Experience with Infrastructure as Code (IaC) and automation tools such as Ansible or Puppet. 
• Familiarity with various security concepts, vulnerabilities, and best practices. 
• Ability to travel approximately 10%. 

Preferred Skills:

• Extensive experience in DevSecOps and CI/CD. 
• Advanced experience with Infrastructure as Code (IaC) and automation software such as Ansible or Puppet. 
• Experience with advanced security testing tools such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), and other vulnerability scanning tools. 
• Familiarity with container orchestration platforms like Kubernetes. 
• Strong understanding of common security threats and how to mitigate them, as well as familiarity with security frameworks and standards like OWASP and NIST. 
• Experience with industry-specific security compliance standards and regulations, such as DISA. 
• Knowledge of network security concepts, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS). 
• Expertise in authentication mechanisms (e.g., OAuth, SAML) and authorization protocols (e.g., RBAC, ABAC). 

Competencies:

• Leadership and Communication Skills: Excellent communication skills and the ability to work effectively in a collaborative, fast-paced, and mission-driven environment while providing leadership and mentoring to the team. 
• Advanced Problem-Solving Skills: Ability to think critically about security risks and develop solutions to mitigate them. 
• Adaptability and Learning: A willingness to adapt to new technologies and stay up to date with the latest security trends and best practices. 
• Team Player and Independent Worker: Capable of working independently but thrive in a team environment, demonstrating leadership when needed.  

EEO Statement:Applicants, employees, and former employees are protected from employment discrimination based on race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, veteran status, genetic information, or any other basis protected by federal, state, or local law.