DevSecOps Engineer - Washington, United States - Mount Indie, LLC

    2 weeks ago

    Description
    Mount Indie is in search of a Sr. DevSecOps Engineer to design, implement, and maintain secure and efficient CI/CD pipelines.


    Responsibilities:

    • Work across development, operations, and security teams to integrate security practices into the SDLC.
    • Design, implement, and maintain CI/CD pipelines, incorporating automated security testing, vulnerability scanning, and compliance checks.
    • Develop and support infrastructure as code (IaC) templates and configurations, ensuring they follow security best practices.
    • Conduct security assessments, code reviews, and penetration testing to identify and address vulnerabilities in applications, code, and infrastructure.
    • Monitor and analyze system and application logs to detect and respond to security incidents.
    • Implement and administer identity and access management (IAM) solutions.
    • Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
    • Contribute to investigation and mitigation of security incidents in a timely manner.
    • Participate in the development and maintenance of security policies, procedures, and documentation.

    Required Qualifications:

    • Active TS/SCI Clearance with CI poly
    • A minimum of 10 years of experience as a DevSecOps Engineer or similar role, focusing on integrating security into the SDLC.
    • Proven experience building DevSecOps solutions at scale.
    • Solid understanding of DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium).
    • Proven experience with IaC tools such as Terraform, CloudFormation, or Ansible.
    • Familiarity with cloud platforms (AWS, Azure, GCP) and securing cloud-based applications and services.
    • Strong understanding of containerization and orchestration technologies (e.g., Docker, Kubernetes, OpenShift, EKS).
    • Proven experience with security tools for static code analysis, dynamic application security testing (DAST), and vulnerability scanning, using tools such as Fortify, Acunetix, and Prisma Cloud.
    • Proficiency in automation and tool integration using scripting languages (e.g., Python, Bash).
    • Understanding of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
    • Strong problem-solving skills and the ability to work effectively in a fast-paced, collaborative environment.
    • Excellent communication skills, both written and verbal, with the ability to convey complex security concepts to technical and non-technical stakeholders.