Devsecops Engineer

Mount Indie is in search of a Sr. DevSecOps Engineer to design, implement, and maintain secure and efficient CI/CD pipelines. Responsibilities:
•Work across development, operations, and security teams to integrate security practices into the SDLC.
•Provide design, implementation, and maintenance efforts to CI/CD pipelines, incorporating automated security testing, vulnerability scanning, and compliance checks.
•Provide development and support to infrastructure as code (IaC) templates and configurations, ensuring security best practices.
•Conduct security assessments, code reviews, and penetration testing to identify and address vulnerabilities in applications, code, and infrastructure.
•Provide monitoring and analysis of systems and applications logs to detect and respond to security incidents.
•Implement and administer identity and access management (IAM) solutions.
•Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings.
•Contribute to investigation and mitigation of security incidents in a timely manner.
•Participate in the development and maintenance of security policies, procedures, and documentation. Required Qualifications:
•Active TS/SCI Clearance with CI poly
•A minimum of 6 years of experience as a DevSecOps Engineer or similar role, focusing on integrating security into the SDLC.
•Proven experience building DevSecOps solutions at scale.
•Solid understanding of DevOps practices, CI/CD pipelines, and automation tools (e.g., Jenkins, GitLab CI/CD, Artifactory, SonarQube, Selenium).
•Proven experience with IaC tools such as Terraform, CloudFormation, or Ansible.
•Familiarity of cloud platforms (AWS, Azure, GCP) and securing cloud-based applications and services.
•Strong understanding of containerization and orchestration technologies (e.g., Docker, Kubernetes, OpenShift, EKS).
•Proven experience security tools for static code analysis, dynamic application security testing (DAST), and vulnerability scanning, using tools such as Fortify, Acunetix, and Prisma Cloud.
•Proficiency in automation and tool integration using scripting languages (e.g., Python, Bash).
•Understanding of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST).
•Strong problem-solving skills and the ability to work effectively in a fast-paced, collaborative environment.
•Excellent communication skills, both written and verbal, with the ability to convey complex security concepts to technical and non-technical stakeholders.