Devsecops Engineer Sme - Imc0677

The DevSecOps Engineer SME will support and provide expertise to a successful cybersecurity and privacy program for a government customer. The DevSecOps Engineer SME will be responsible for designing, implementing, and maintaining secure systems and networks. The SME will work closely with cross-functional teams, including IT, network engineering, and cybersecurity, to ensure that systems and networks are secure, compliant with applicable regulations, and protected against unauthorized access and other security risks.
Duties / Responsibilities: This position will include, but is not limited to, the following tasks:

• Configure and build Kubernetes clusters (EKS) implementing security best practices.
• Create CI/CD pipelines for application builds and security use cases leveraging GitLab CI.
• Use GitOps process builds leveraging Flux CD, creating security configurations for applications and improvements to current designs.
• Administer and improve the security pipeline for static application security testing (SAST), dynamic application security testing (DAST), vulnerability and compliance checks, and overall strategy of deployment.
• Assist with configuration and design of APP Mesh and micro-service design from a security perspective.
• Containerize security tools.
• Develop Terraform modules for security needs, including Kubernetes cluster builds (EKS) and general AWS resources.
• Perform as a part of Agile development teams to deliver an end-to-end automation of deployment, monitoring, and infrastructure management in a cloud environment.
• Build and configure delivery environments supporting CD/CI tools using an Agile delivery methodology.
• Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks.
• Work closely with the development team to create an automated continuous integration (CI) and continuous delivery (CD) system.
• Work together with vendors and other IT personnel for problem resolution.
• Monitor and support all installed systems and infrastructure.
• Develop custom scripts to increase system efficiency and lower the human intervention time on any tasks.
• Contribute to the design of information and operational support systems.
• Evaluate application performance, identify potential bottlenecks, develop solutions, and implement them with the help of developers.

Basic Required Qualifications and Skills: Note: These are mandatory items that all candidates must have when making application to IMC for this position. Please ensure that your submission addresses each of these requirement items. Candidates without these required elements will not be considered.

• Bachelor's degree in business, information technology, or related field of study.
  • 10 years of experience in computer security may substitute for a degree.
• 7+ years of experience in cybersecurity.
• At start date, must possess one of the following professional certifications in ACTIVE Status. (Similar level certifications considered on a case-by-case basis).
  • CISM, CISSP, GSLC, CEH, LPT, CPT
• Experience with the following:
  • GitLab CI and creating templates and multi-stage pipelines.
  • Kubernetes best practices and App Mesh (Istio).
  • Creating organizational golden images and implementing security and hardening needs.
  • OPA and Kubescan for compliance and hardening.
  • Terraform and creating modules.
  • Prometheus for monitoring and writing scrape jobs to ingest security-appropriate metrics.
  • GitOps especially Flux and its best practices to improve processes and delivery.
  • Fully automating CI/CD pipelines end-to-end, from code commits to production.
  • Deploying and monitoring web applications in AWS.
  • Infrastructure as Code and infrastructure testing strategies.
  • Systems reliability, load balancing, monitoring, logging.
  • Secure development, coding, and engineering practices.
• Strong scripting skills, including shell scripts, Perl, Ruby, Python, Go, Groovy, Helm, etc.
• Excellent knowledge of networking technologies, particularly with OSI network layers and TCP/IP.
• Excellent oral, written, and verbal communication skills.
• Knowledge of:
  • NIST Cybersecurity and Risk Management frameworks and associated requirements.
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Cybersecurity/privacy principles and cyber threats and vulnerabilities.
• Please note that pursuant to a government contract, this specific position requires U.S. Citizenship.
• Must possess or be able to obtain a federal background investigation of Tier 4 Critical Non-Sensitive (Form SF 85P).

Desired Qualifications and Skills: It is desirable that the candidate has the following qualifications:

• Experience in one or more of the following areas:
  • Zero Trust
  • AWS Certified Architect
  • Cyber program analysis
  • Cyber development, engineering, and architecture
  • Splunk engineering and administration
  • Crafting and authoring cyber policy
  • Linux administration

Background Information:
Innovative Management Concepts, Inc. (IMC), a Service-Disabled Veteran-Owned Small Business, provides a broad range of information technology IT services to government and commercial customers by placing a high priority on modernization, enhancing business processes through technology, and creating efficiencies through automation. Since its founding in 1989, IMC has offered solutions and expertise in: IT operations and maintenance, data management, cyber security, systems and network engineering and administration, cloud/hosting services, software development, website services, software quality assurance and testing (including IV&V), and project management. IMC is certified in International Organization for Standardization (ISO) 9001 Quality Management, ISO 27001 Information Technology Security Management, ISO 20000 Information Technology Service Management, and ISO 14001 Environmental Management System. Committed to continuous improvement and information security, IMC has been appraised at level 3 of the CMMI Institutes Capability Maturity Model Integration for both Development and Services and we are CMMC Level 2 (Ver 2.0) compliant. Find out more about IMC at www.imcva.com.
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.