Cybersecurity DevSecOps Engineer

** Only US Citizens please apply**

BITS is a growing software development company in Washington DC area. We provide database solutions, application development, infrastructure supports, network engineering, and high-end computing using innovative technologies to the health agencies. We are looking for a Cybersecurity DevSecOps Engineer for one of our FEDERAL projects,

Roles and Responsibilities Requirements:

The Cybersecurity DevSecOps Engineer is a security-focused engineer dedicated to enhancing the security posture throughout the Agency DevSecOps lifecycle:

• Drive the unification and automation of processes to enable development of software capability across the entire organization, instrumental in combining code, application maintenance, and application management.
• Define, implement, and maintain secure pipelines, promoting a culture of rapid and safe iteration
• Design and refine scalable and reliable CI/CD processes with a security-first approach.
• Develop and enhance a robust build pipeline, automating secure build/artifact delivery and deployment.
• Use your expertise to identify and mitigate security risks, always prioritizing reasoning and facts.
• Collaborate with the existing team to integrate and improve upon current infrastructure with security best practices.
• Conduct threat modeling and risk assessments, ensuring that potential vulnerabilities are identified and addressed collaboratively.
• Lead and participate in security training and awareness initiatives for the development team.
• Develop and maintain an incident response plan, ensuring preparedness in the event of a security breach.
• Collaborate with other developers to address security concerns at the root and craft lasting solutions.
• Works actively with application development teams, Agency security/ISO, Infrastructure and other teams to coordinate and optimize the steps that execute within the DevOps ecosystem and bring consistency and security best practices in approach, tools, and standards.

Experience Requirements:

• Bachelor’s degree with seven (10) plus years IT development experience (with a minimum of 5 years of experience in DevSecOps practice & tools).
• Experience building DevSecOps services in IaaS/PaaS/SaaS in Cloud (AWS, Azure) environments and good understanding of their security considerations.
• Familiarity with containerization and orchestration tools like Docker and Kubernetes.
• Experience with Kubernetes, Docker, and/or other cloud orchestration technologies.
• Experience with CI/CD best practices, automated builds and tests, quality gates, software quality, and CI tools, i.e., Jenkins, Ansible, Terraform, etc.
• Experience with configuration management tools, i.e., Git, GitHub, GitLab, Bitbucket, others; Familiarity with branching strategies, gated commits, source controlled management, etc.
• Familiarity with the principle of DevSecOps; Atlassian JIRA or other defect tracking tool experience; Atlassian Confluence, GitLab/GitHub, Jenkins, and artifact repository experience.
• Familiarity with security coding standard best practices, static and dynamic scanning tools, i.e., SonarQube, Fortify, Coverity, PCLint, etc.
• Programming and scripting experience in a UNIX environment (Bash, Shell, PowerShell, Perl, Python, Bash, Ruby, Shell, Scripts); Must have Agile/SAFe, and other related developer certifications and or demonstrate equivalent experience.
• Experience with tools and methodologies for code vulnerability and scanning.

Job Type: Full-time

Pay: $165,000.00 - $170,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Health insurance

Experience level:

• 10 years

Schedule:

• Monday to Friday

Experience:

• Linux: 1 year (Preferred)
• Cybersecurity: 1 year (Preferred)
• Information security: 1 year (Preferred)

Work Location: Remote