DevSecOps roles are open - emphasis on GitHub Actions - a Lead role and a regular developer role with app dev experience. AWS/EKS is a plus but not required as much as CI/CD experience Lead DevSecOps Engineer Job Description - As the Lead DevSecOps Engineer, you will play a critical role in developing reusable CI/CD pipelines with the goal of building a developer platform and ensuring the seamless integration of security and quality practices into the software development lifecycle. Your expertise will bridge the gap between development, security, and operations, championing reusable workflows, robust security measures, and automated testing from the outset. Here are the key details:
Objectives of This Role:Develop CI/CD pipelines: - Build pipelines to build and deploy infrastructure and applications to AWS and Azure using GitHub Actions
- Leverage Infrastructure as Code to create integrated workflows
- Provide release gates that are aligned with source control management approaches
Integrate Security into SDLC: - Seamlessly integrate security features throughout the software development life cycle (SDLC).
- Identify and mitigate security risks, implementing effective security controls.
Platform Advocate: - Regularly demonstrate the new capabilities available in pipeline to diverse audiences
- Seek feedback and direction from stakeholders on how to improve the reusable pipelines
Responsibilities & Skills: - Experience working with GitHub Actions, building pipelines to deploy infrastructure and applications to AWS and Azure landing zones
- Deep knowledge and understanding of DevSecOps best practices involving Automation, CI/CD, deployments, approval gates, hooks, and various methods for deploying software applications through multiple environments to target cloud platforms
- Extensive experience developing and deploying to Cloud applications (AWS and/or Azure)
- Experience with software testing tools and frameworks
- Extensive experience and proficiency with GIT source code control and different branching strategies such as "trunk based development"
- Ability to direct and manage dev teams on best practices and usage patterns for DevOps CI/CD and automation leading to more secured software application deployments
- Well versed in software bill of material and software supply chain analysis and safe practices
- Experience with and deep understanding of difference vulnerability scanning techniques and their relevant tools
- Solid understanding of SDLC processes, modern programming stacks and their relevant vulnerabilities
- Operational experience and knowledge in common security scanning tooling and integration into CI/CD pipelines
- Participate in design and code reviews, aligning with architectural goals
- Ability to showcase and communicate technical solutions to business stakeholders
- Experience leading teams a plus
Experience with EKS, Kubernetes, containerization a plus