Senior DevSecOps Engineer

Arlington, VA 22203

Posted: 03/22/2021 Employment Type: Contract Category: Other Area(s) Job Number: 55186

Job Description

  • Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
  • Implement specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA 
  • Define  security rules that need  to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.
  • Provide security guidance to developers in the form secure coding standards and guidelines.
  • Support security standards, create templates and patterns to increase the efficiency and adoption of security program.
Basic Requirements:
  • Bachelor' s degree in related field
  • Minimum 6 years' of work experience in the IT field
  • 3+ years software development experience using Java, JavaScript
  • 1+ years of exposure to the following:
    • OWASP Secure Coding Practices
    • Common software and web application security vulnerabilities
    • Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools ( e.g., Jenkins)
    • REST API design & development
  • Desire to move to security field
Preferred Qualifications:
  • CISSP/CSSLP certification 
  • Experience implementing SAST or DAST or IAST across an enterprise
  • Ability to perform code reviews with minimal assistance
  • A self-starter, with a strong desire for learning new technologies and applying them to solve problems
  • Experience with  Jenkins, Gradle, Maven.
  • Familiarity with public cloud services 
  • Experience with Secure SDLC tools like Burp Suite, Veracode, Fortify, Checkmarx, Sonatype, AppSec SE, WhiteSource
  • Experience with Threat Analysis
  • Experience with DevSecOps and  Secure SDLC
  • Experience with container/orchestration tools such as Kubernetes, Docker, Puppet, etc.
  • Experience with security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc. is a plus
Apply Online
Apply with LinkedIn Apply with Facebook Apply with Twitter

Send an email reminder to:

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.