Overview
Acuity is seeking a Sr. DevSecOps professional with 6+ years of experience to support one of our flagship contracts. Candidates should have a strong background in implementing Kubernetes environments, plus experience with DevOps methods and practices.
Candidates MUST reside in DC or VA and be available to work onsite in Herndon, VA. On-site requirements are three days a week with occasional travel to Washington DC for required meetings.
Responsibilities
- Performing infrastructure security reviews, threat modeling, and risk analysis for systems built on AWS and deployed via infrastructure-as-code tools like AWS CloudFormation.
- Implementing and managing security controls within AWS including IAM, VPCs, security groups, WAF, encryption, audit logging, etc.
- Performing static and dynamic analysis on source code using tools like Anchore/Grype, SonarQube, and Syft to catch security issues early.
- Integrating security tools like secrets management, SAST, DAST, and dependency scanning into CI/CD pipelines in GitHub Enterprise and AWS CodePipeline.
- Building and configuring hardened Linux server images using tools like Packer that follow security best practices.
- Implementing security monitoring and runtime protection for containers and services running on AWS ECS.
- Helping define security requirements and compliance controls for regulated workloads built on AWS services like RDS Aurora.
- Creating and managing infrastructure security policies as code via tools like Open Policy Agent.
- Triaging and resolving security issues, working with developers and ops teams to implement fixes and improvements.
- Keeping up-to-date with the latest cloud security best practices and threats.