DC3 Position Title: DevSecOps Engineer
Alliant II LCAT: SME - Computer and Information Research Scientist, 114
Task: OED
Location: DC3, Linthicum Heights, MD
Requirements: BS 10+, MS 8+, PhD 5+
Clearance: Secret or higher
$112,000 - $170.000
Description:
- Evaluate, select, design, and configure security infrastructure systems in a global environment.
- Conduct internal audits, help mitigate findings and implement improvement measures. Identify, integrate, monitor, and improve infosec controls by acknowledged business processes.
- Works in tandem with the Information System Security Officer (ISSO), enhancing the security direction for the organization, including systems, networks, user services, and vendor development efforts.
- Install, configure, manage, and maintain enterprise applications and other technical controls.
- Define and implement this customer's build, deployment, and monitoring standards.
- A part of Agile development teams to deliver end-to-end automation of deployment, monitoring, and infrastructure management in a cloud environment;
- Build and configure delivery environments using an Agile delivery methodology;
- Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks;
- Working closely with the development team to create an automated continuous integration and continuous delivery system;
- Monitor all installed systems and infrastructure;
- Develop custom scripts to increase system efficiency and lower the human intervention time on any tasks;
- Install, configure, test and maintain operating systems, application software, and system management tools;
- Oversee the organization's security, backup, and redundancy strategies;
- Evaluate application performance, identify potential bottlenecks, develop solutions, and implement them with the help of developers:
- Troubleshoot security system and related issues.
- Assist with complex projects and ongoing security operations. Conduct network and system tests via simulation or other means to highlight and find any weaknesses that may be exploited.
- Assist in defining security standards and system reviews to conclude if they have been designed to comply with established security standards.
- Develop new standards as necessary.
- Core activities: monitoring and improving DevSecOps tools and processes.
- Design, implement, and evaluate security-focused tools, vulnerability management tools, and services.
- Conduct periodic Vulnerability assessments.
- Participate in incident handling and other related duties for the information security function.
Minimum Qualifications:
• Bachelor's degree and 10-12 years experience, or Master's degree and 8-10 years experience, or PhD and 5-7 years experience.
• 2-3 Years of cloud experience (AWS, and/or Azure).
• Experience leading DevOps/DevSecOps implementation in large programs especially migrating legacy applications, reengineering, and automating systems to improve end-to-end software life cycle management utilizing automation.
• In-depth technical expertise in DevSecOps techniques, continuous integration; continuous testing; and continuous deployment; trade studies and analysis of alternatives; development of end-to-end solution deployment across environments.
• Conduct regular security scans, analyze results, and implement resolutions, including testing new hardware and software and ensuring compliance with DISA STIGs.
• Create, maintain, and implement detailed documentation and maintain standard operating procedures.
• Familiarity with multiple operating systems (Windows, Linux, etc.).
• Familiarity with at least one Relational Database Management System (Oracle, MySQL, PostgreSQL, SQL Server, etc.).
• Ability to think and act strategically; capable of working independently or collaboratively as part of a small team.
Preferred Qualifications:
• 5+ years of experience with large-scale network design and deployment.
• Experience with CloudFormation, and Elasticsearch.
• Basic understanding of an Object-Oriented Programming Language, preferably Java or Python.
• Experience integrating Jenkins and Docker for automated CI/CD pipelines.
• Basic understanding of Kubernetes or OpenShift Container Platform.
• Global Skill Development Council -Certified DevOps Engineer/ DevOps Engineer or similar.
• Experience implementing DevSecOps for a large program using Agile, preferably SAFe, development methodology.
• Experience implementing DevSecOps for a Cloud-based system on a modernization program, ensuring existing applications and systems are modernized to satisfy legacy functional requirements.