Posted 6 months ago  

Senior DevSecOps Engineer at Kelly

Posted 6 months ago - 96 views - 18 Applied

Job Description

Assess and remediate risk and design and support new security-related processes within the monitoring, build, and deployment systems.

  • Design and implement the application and infrastructure security strategy for the organization
  • Provide the technical foundation of the organizations platform, leveraging automation and best practices
  • Design and deliver flexible build and deployment functions while implementing a balanced approach to security and agility
  • Develop and implement security as code and compliance as code pipelines using automation tools
  • Develop and implement solutions to help mitigate security vulnerabilities while actively conducting research to identify new attack vectors
  • Maintain a high level of quality in our infrastructure systems through security audits, risk analysis, application-level vulnerability testing, and security-focused code reviews

REQUIREMENTS

  • Strong experience securing infrastructure deployed into public clouds (AWS, Azure, Google Cloud)
  • 5+ years in a security engineering position with experience as a DevSecOps Engineer working in a cloud environment (AWS, Azure, Google Cloud)
  • Strong knowledge of threat modeling and risk assessment techniques
  • Experience in securely managing production Kubernetes infrastructure with knowledge of Kubernetes security best practices and the use and benefits of service mesh (Istio) and API gateway (Ambassador) technologies
  • Extensive experience automating system tasks and infrastructure using a scripting language (Python, Bash), with configuration management tools (Ansible), and infrastructure orchestration tools (Terraform, CloudFormation)
  • Deep understanding of the Software Development Life Cycle including how to best implement security principles and checkpoints into the Continuous Integration and Continuous Deployment (CICD) pipeline (SAST, DAST, IAST) and into deployed applications (WAF, RASP)