Sr. DevSecOps Engineer Team Lead.
- Work From Home
- Washington DC, DC
Iron Vine Security is a rapidly growing information security and information technology company in Washington, DC. We are looking to hire a DevSecOps Engineer Team Lead to support a full range of cyber security services on a long-term contract in Washington DC. The position is full time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background clearance.
As a DevSecOps engineer, you will provide leadership in the DevSecOps areas of Vulnerability Scanning, Certificate Management, Password Policy Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts. Additionally, you will assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open source solutions.
· Strong communication skills, both written and verbal. The ability to articulate ideas and concepts to a nontechnical audience.
· Strong professional experience in the DevSecOps practices of software development specifically supporting infrastructure development, site reliability engineering, and improving CI/CD pipeline automation.
· Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
· Experience coordinating and performing vulnerability assessments through the use of automated and manual tools (Tenable, NMAP, etc).
· Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications and determine any reported vulnerabilities that are false positives.
· Capability to prepare security vulnerability and risk management reports for management.
· Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.
· Proficiency in C/C++ Programming and Bash, Python or other scripting languages.
· Familiarity with Information Security frameworks/standards (i.e. NIST SP 800-37)
· Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
· Experience configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools.
· Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
· Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
· Experience with DevSecOps automation tools (Docker, Ansible, GitHub, etc.)
· Experience with cloud networking architecture and security
· Experience with API Security, Container Security, AWS Cloud Security
· Experience with Amazon AWS Policy, Configuration and Security Management Tools
· Experience providing direction and guidance to the Development teams to create automated tests to be included in the CI/CD pipeline
· Bachelor's degree in Computer Science, Information Technology, Cyber Security or related field, or equivalent combination of education and experience and training
· 10+ years of DevOps experience
· 5+ years of experience in DevOps in an AWS environment
· At least 5+ years in a leadership position
· One or more of the following certifications:
o AWS Certified DevOps Engineer – Professional
o AWS Certified Cloud Practitioner
o AWS Certified Solutions Architect - Professional
o GIAC GCSA
· Active Public Trust 6c clearance or higher or eligible for Public Trust 6c clearance
Additional Experience Preferred:
· Experience with governance, risk assessment and compliance for FISMA, FedRAMP, and NIST SP 800 series including NIST SP 800-37 and NIST SP 800-53, system security plans, security and privacy controls, POA&M management, assessment and authorization (A&A), Authority To Operate (ATO) and continuous monitoring processes
· Knowledge of NIST-based standards, IRS Publication 1075, etc. requirements for Cloud systems
· Experience with IBM Informix or Oracle Advanced Security tools
· Ability to define and deploy monitoring, metrics, and logging systems on AWS
· Experience developing and deploying automated software testing routines using either screen driving solutions (i.e. codecept/selenium) or API based tests
· Lead in the design, development, testing, and management of DevSecOps processes and tools.
· Responsible for managing the rollout of the DevSecOps solution across the enterprise
· Present and report DevOps metrics to key stakeholders as part of service delivery.
· Lead team of DevSecOps Engineers to implement the DevSecOps solution
· Provide guidance for adhering to best practices for optimal and secure use of cloud technologies.
· Deliver RMF documentation to support accreditation efforts.
· Build and maintain the delivery pipeline applying CI/CD principles
· Implement and manage continuous delivery systems and methodologies on AWS
· Implement and automate security controls, governance processes, and compliance validation
· Contribute to documentation in the Knowledge Base, Standard Operating Procedures (SOP), work instructions, and job aids.