As a DevSecOps Engineer you will be responsible for the following:
Continuous Integration/Continuous Deployment (CI/CD):
- Design, implement, and manage CI/CD pipelines in GitLab to ensure efficient and reliable software delivery.
- Integrate security tools and practices into CI/CD workflows to detect and mitigate risks early.
- Be familiar with implementing deployment strategies including blue/green, canary, and A/B testing.
Automation and Scripting:
- Develop and maintain automation scripts to streamline and enhance deployment processes.
- Advise on and implement configuration management tools for consistent environment setup.
- Develop and manage automated deployment and configuration of Kubernetes clusters.
- Support configuration of automated testing including functional, integration, end-to-end, resilience, and disaster recovery.
Security Integration:
- Implement security measures and controls within CI/CD pipelines.
- Develop and employ automated, regular pre- and post-deployment security assessments, vulnerability scans, and testing.
- Ensure compliance with Army and Department of Defense (DoD) security standards and policies.
- Provide direct technical input into security remediation documentation.
Monitoring and Incident Response:
- Set up and maintain monitoring and logging solutions to detect and respond to incidents in real time.
- Collaborate with security teams to investigate and remediate security incidents and breaches.
Collaboration and Communication:
- Work closely with development, operations, and security teams to ensure seamless integration of security practices.
- Provide training and guidance to team members on security best practices and DevSecOps methodologies.
- Directly coordinate with Government service and resource providers to implement technical solutions.
Infrastructure as Code (IaC):
- Utilize AWS-specific IaC tools (i.e., CloudFormation, SAM, CDK) to manage and provision infrastructure.
- Ensure infrastructure is secure, scalable, and compliant with Army requirements.
Risk Management:
- Identify and address potential security risks and vulnerabilities throughout the development lifecycle.
- Implement risk mitigation strategies and conduct regular risk assessments.
Compliance and Documentation:
- Ensure all systems and applications comply with relevant regulations and standards (e.g., NIST, FISMA, RMF).
- Provide DevSecOps technical input to comprehensive documentation of security practices, procedures, and incident response plans.
Performance Optimization:
- Optimize performance and scalability of applications and infrastructure.
- Conduct performance testing and implement improvements as needed.
Research and Development:
- Stay current with emerging technologies and security trends.
- Monitor and adapt to rapidly changing Government technologies and security trends.
- Evaluate and integrate new tools and technologies to enhance the security posture of Army systems.
Disaster Recovery and Organization Continuity:
- Collaborate with System Architect and Product Management to develop and maintain disaster recovery plans and organization continuity strategies.
- Conduct regular drills and tests to ensure preparedness for potential disruptions.
Software Development Support:
- Assist in the design, development, and deployment of secure software solutions.
- Coordinate with lead developers to ensure security is considered throughout the software development lifecycle (SDLC).