Job Description: DevSec Ops Engineer
Location: Linthicum Heights, Maryland - Hybrid role!
Evaluate, select, design, and configure security infrastructure systems in a global environment. Conduct internal audits, help mitigate findings and implement improvement measures. Identify, integrate, monitor, and improve infosec controls by acknowledged business processes. Works in tandem with the Information System Security Officer (ISSO), enhancing the security direction for the organization, including systems, networks, user services, and vendor development efforts. Install, configure, manage, and maintain enterprise applications and other technical controls. Define and implement this customer's build, deployment, and monitoring standards. A part of Agile development teams to deliver end-to-end automation of deployment, monitoring, and infrastructure management in a cloud environment; Build and configure delivery environments using an Agile delivery methodology; Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks; Working closely with the development team to create an automated continuous integration and continuous delivery system; Monitor all installed systems and infrastructure; Develop custom scripts to increase system efficiency and lower the human intervention time on any tasks; Install, configure, test and maintain operating systems, application software, and system management tools; Oversee the organization's security, backup, and redundancy strategies; Evaluate application performance, identify potential bottlenecks, develop solutions, and implement them with the help of developers: Troubleshoot security system and related issues. Assist with complex projects and ongoing security operations. Conduct network and system tests via simulation or other means to highlight and find any weaknesses that may be exploited. Assist in defining security standards and system reviews to conclude if they have been designed to comply with established security standards. Develop new standards as necessary. Core activities: monitoring and improving DevSecOps tools and processes. Design, implement, and evaluate security-focused tools, vulnerability management tools, and services. Conduct periodic Vulnerability assessments. Participate in incident handling and other related duties for the information security function.Minimum Qualifications:• 2-3 Years of cloud experience (AWS, and/or Azure).• Experience leading DevOps/DevSecOps implementation in large programs especially migrating legacy applications, reengineering, and automating systems to improve end-to-end software life cycle management utilizing automation.• In-depth technical expertise in DevSecOps techniques, continuous integration; continuous testing; and continuous deployment; trade studies and analysis of alternatives; development of end-to-end solution deployment across environments.• Conduct regular security scans, analyze results, and implement resolutions, including testing new hardware and software and ensuring compliance with DISA STIGs.• Create, maintain, and implement detailed documentation and maintain standard operating procedures.• Familiarity with multiple operating systems (Windows, Linux, etc.).• Familiarity with at least one Relational Database Management System (Oracle, MySQL, PostgreSQL, SQL Server, etc.).• Ability to think and act strategically; capable of working independently or collaboratively as part of a small team.Preferred Qualifications: • 5+ years of experience with large-scale network design and deployment.• Experience with CloudFormation, and Elasticsearch.• Basic understanding of an Object-Oriented Programming Language, preferably Java or Python.• Experience integrating Jenkins and Docker for automated CI/CD pipelines.• Basic understanding of Kubernetes or OpenShift Container Platform.• Global Skill Development Council -Certified DevOps Engineer/ DevOps Engineer or similar.• Experience implementing DevSecOps for a large program using Agile, preferably SAFe, development methodology.• Experience implementing DevSecOps for a Cloud-based system on a modernization program, ensuring existing applications and systems are modernized to satisfy legacy functional requirements.
Closing Statement:XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.
XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.Citizenship Clearance Requirement. Applicants selected may be subject to a government security investigation and must meet eligibility requirements – US CITIZENSHIP REQUIRED and TOP SECRET CLEARANCE!