DevSecOps Engineer
- 12 Month Contract - Government Entity
- Attractive Daily Rate & Hybrid Work Arrangement
- Expansive project with more than 1 billion in funding
- Champion a shift-left approach to security and thrive in DevSecOps environments.
- Design and implement DevSecOps pipelines, with a focus on legacy software product migration strategies.
- Provide expertise in contemporary web and mobile application frameworks and their associated security requirements.
- Ensure the security of REST APIs, microservices, and cloud-native applications - applying deep knowledge of Azure, OpenShift, or AWS.
- Construct automation tools within pipelines using robust scripting skills (Python, Bash, Golang, and PowerShell).
- Deploy advanced security tools to systematically identify and resolve issues across various systems and applications.
- Strong hands-on experience working in DevSecOps (4+ years).
- Familiarity with security policies and frameworks including: ISM, ACSC, CIS, ISO27001, NIST, and SOC.
- Proficient in Secure Development Lifecycle Principles, showcasing expertise in software security frameworks, requirements, and threat analysis. Well-versed in OWASP tools and strategies.
- Extensive experience in code review, adept at identifying code smells, and proficient in implementing DevSecOps tooling, including SAST, DAST, RASP, RAST (e.g., IBM AppScan, Veracode, Snyk, Coverity, SonarQube, Twistlock).
- Proficiency in multiple programming languages, with a preference for C#/.NET, JavaScript, React, PowerShell, Bash, and Python.
- Proficient in App Whitelisting Technologies, with a specific focus on Airlock.
- Demonstrated ability in containerization tools (Kubernetes, Docker).