Senior DevSecOps Engineer
Arlington, VA 22203
- Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
- Implement specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA
- Define security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.
- Provide security guidance to developers in the form secure coding standards and guidelines.
- Support security standards, create templates and patterns to increase the efficiency and adoption of security program.
- Bachelor' s degree in related field
- Minimum 6 years' of work experience in the IT field
- 1+ years of exposure to the following:
- OWASP Secure Coding Practices
- Common software and web application security vulnerabilities
- Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools ( e.g., Jenkins)
- REST API design & development
- Desire to move to security field
- CISSP/CSSLP certification
- Experience implementing SAST or DAST or IAST across an enterprise
- Ability to perform code reviews with minimal assistance
- A self-starter, with a strong desire for learning new technologies and applying them to solve problems
- Experience with Jenkins, Gradle, Maven.
- Familiarity with public cloud services
- Experience with Secure SDLC tools like Burp Suite, Veracode, Fortify, Checkmarx, Sonatype, AppSec SE, WhiteSource
- Experience with Threat Analysis
- Experience with DevSecOps and Secure SDLC
- Experience with container/orchestration tools such as Kubernetes, Docker, Puppet, etc.
- Experience with security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc. is a plus