About the role
Job Overview:
The DevSecOps Engineer will be pivotal in embedding security into the DevOps pipeline, working closely with development, operations, and security teams. This role involves fostering a culture of security awareness and implementing DevSecOps best practices to ensure secure, efficient, and scalable deployments. By setting up and managing a suite of on-premises DevSecOps tools, the engineer will play a key role in enhancing the organization's security posture and supporting the overall goals of reliability, speed, and resilience in software delivery.
Key Responsibilities:
Collaboration and Advocacy: Partner with development, operations, and security teams to promote security awareness and DevSecOps principles.
CI/CD Pipeline Development: Build and maintain secure CI/CD pipelines on Jenkins and GitLab, with SonarQube static analysis integrated as a pipeline stage, automating the build, test, scan, and deploy stages of the software development lifecycle.
Infrastructure as Code (IaC): Implement and manage configuration with Ansible and cloud infrastructure provisioning with Terraform to create scalable, repeatable environments.
Container Orchestration: Utilize Kubernetes to manage and scale applications in production, ensuring efficient deployment of containerized workloads.
Vulnerability Management: Configure and manage security scanning tools across the pipeline, including container image scanning (Clair, Trivy), dependency scanning (OWASP Dependency-Check), and dynamic application security testing (OWASP ZAP), to detect and address vulnerabilities early in the development lifecycle.
Secrets Management: Prevent and detect accidental exposure of credentials in code repositories using git-secrets (pre-commit blocking) and TruffleHog (scanning of repository history), and drive remediation and rotation when a secret is found.
Security Monitoring and Compliance: Integrate SonarQube for continuous code quality and security checks, enforce quality gates in the pipeline, and ensure deployments meet the organization's security and compliance requirements.
Security Workflow Automation: Develop scripts and automation processes to integrate security tools within DevOps workflows, improving the security stance without affecting deployment speed.
Microservices Management: Oversee multiple repositories hosting Python-based microservices, deploying them on Kubernetes while ensuring high standards of performance and maintainability.
Messaging, Data Store, and Artifact Management: Implement and secure Apache Kafka clusters, manage Redis data stores, and integrate Sonatype Nexus for artifact repository management.
Security Testing: Conduct security assessments and vulnerability testing using Burp Suite, helping to identify and mitigate security risks in applications.