isecjobs.com

Security DevOps Engineer (DevSecOps)

Remote, United States

Full Time Mid-level / Intermediate Clearance required USD 89K - 166K *
By Light Professional IT Services LLC logo

By Light Professional IT Services LLC

View all jobs at By Light Professional IT Services LLC

Apply now Apply later

Position Overview

The DevSecOps Security Engineer will work closely with the Security Manager to ensure the proper security stance is maintained for the information system. This role is primarily responsible for ensuring that all GitHub code scans are performed and meet VA 6500 and NIST compliance standards.

Responsibilities

Code Scanning & Vulnerability Management:

  • Perform GitHub code scanning using Dependabot and CodeQL.
  • Conduct vulnerability analysis and manage secrets to ensure compliance with security standards and documentation/reporting for Authority to Operate (ATO) security authorization for FISMA information systems.
  • Document findings, recommendations, and improvements. Generate regular reports on code quality metrics.

Threat Modeling & Risk Assessment:

  • Conduct Threat Model analysis using Microsoft Threat Modeling Tool.
  • Research and address potential security issues for products, services, interfaces, protocols, etc., which may be introduced into the MHV environment.

Code Quality & Optimization:

  • Perform code quality assessments using static analysis tools to identify code smells, anti-patterns, and areas for improvement.
  • Conduct security scanning to identify vulnerabilities (e.g., OWASP Top Ten) in the codebase.
  • Optimize code performance, resolving bottlenecks, memory leaks, and resource-intensive areas.

CI/CD Integration & Automation:

  • Integrate code analysis tools into CI/CD pipelines, ensuring code quality checks are automated.
  • Develop scripts and automation tools using Python, Shell, or other scripting languages to streamline processes.

Documentation & Reporting:

  • Prepare system, boundary, and authorization architectural diagrams using Visio.
  • Support the ATO process by documenting scans, creating diagrams, gathering artifacts, and addressing Security Control Assessments.

Collaboration & Cross-functional Support:

  • Work effectively with cross-functional teams, including developers, testers, and project managers, to ensure secure and efficient code releases

Cloud Infrastructure & Containerization:

  • Understand and work within AWS cloud infrastructure.
  • Utilize virtualization technologies such as VMware and containerization tools like Docker, Rancher, Kubernetes, and AWS EKS.

Required Experience/Qualifications

  • Proven experience with GitHub code scanning tools (Dependabot, CodeQL).
  • Proficiency in security scanning and vulnerability management (e.g., OWASP Top Ten).
  • Strong scripting and automation skills (Python, Shell).
  • Familiarity with Agile and DevOps methodologies.
  • Knowledge of security frameworks (NIST, VA 6500).
  • Hands-on experience with threat modeling tools (e.g., Microsoft Threat Modeling Tool).
  • Ability to create technical diagrams and documentation.

Preferred Experience/Qualifications

  • Familiarity with FISMA compliance and ATO processes.
  • Experience with performance optimization tools.
  • Strong communication skills for cross-functional collaboration.

Special Requirements/Security Clearance

  • Ability to obatain and maintain a Public Trust
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  4  1  0
Categories: DevSecOps Jobs Security Engineering Jobs

Tags: Agile Automation AWS CI/CD Clearance Cloud Code analysis CodeQL Compliance DevOps DevSecOps Docker FISMA GitHub Kubernetes NIST OWASP Python Risk assessment Scripting Security Clearance VMware Vulnerabilities Vulnerability management

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

« Back to job search To the top ↑

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.

Information Systems Security Officer jobsInformation System Security Officer jobsSenior Cloud Security Engineer jobsInformation Security Specialist jobsSenior Cybersecurity Engineer jobsInformation Security Manager jobsSenior Network Security Engineer jobsSecurity Consultant jobsCyber Security Specialist jobsIT Security Engineer jobsSenior Information Security Analyst jobsSecurity Specialist jobsSenior Cyber Security Engineer jobsSenior Penetration Tester jobsSystems Engineer jobsChief Information Security Officer jobsSystems Administrator jobsInformation System Security Officer (ISSO) jobsPrincipal Security Engineer jobsIT Security Analyst jobsSenior Product Security Engineer jobsStaff Security Engineer jobsThreat Intelligence Analyst jobsCloud Security Architect jobsInformation Systems Security Engineer jobs
CI/CD jobsKubernetes jobsPowerShell jobsDevSecOps jobsEDR jobsSaaS jobsIDS jobsSplunk jobsIPS jobsRMF jobsSQL jobsTop Secret jobsIntrusion detection jobsSDLC jobsBash jobsThreat detection jobsActive Directory jobsCompTIA jobsITIL jobsDoDD 8570 jobsBanking jobsCRISC jobsOWASP jobsGIAC jobsDocker jobs
Finance jobsTCP/IP jobsClearance Required jobsUNIX jobsVPN jobsHIPAA jobsOSCP jobsIT infrastructure jobsCISO jobsTerraform jobsIndustrial jobsSOC 2 jobsSANS jobsJavaScript jobsSOAR jobsCCSP jobsDNS jobsPolygraph jobsMITRE ATT&CK jobsNIST 800-53 jobsData Analytics jobsGCIH jobsSOX jobsJira jobsAnsible jobs