Leidos
Senior DevSecOps Engineer
Leidos, Oklahoma City, Oklahoma, United States, 73116
DescriptionThe Multi Domain Solutions Division at Leidos is looking for an experienced
Senior DevSecOps Engineer
to support a fast-paced program with the Air Force Life Cycle Management Center. This role is critical in establishing robust security practices throughout the software development lifecycle and ensuring compliance with stringent security standards. The ideal candidate will have extensive experience in DevSecOps, strong leadership abilities, and a commitment to fostering a culture of security within the organization. This position offers an exciting opportunity to shape the security landscape of an Air Force program, ensuring the secure development of software in a dynamic and innovative environment.Primary Responsibilities:Lead the design and implementation of security practices within the DevOps pipeline for DoD applications, ensuring alignment with regulatory requirements.Evaluate and select security tools, integrating them into CI/CD workflows to enhance application security.Conduct advanced vulnerability assessments, threat modeling, and penetration testing to proactively identify and mitigate security risks.Collaborate with cross-functional teams to develop and promote secure coding practices, incident response plans, and security training.Mentor and guide junior and mid-level engineers, fostering knowledge sharing and professional growth within the team.Drive the automation of security testing and compliance processes, utilizing Infrastructure as Code (IaC) and security automation tools.Stay abreast of industry trends, emerging threats, and best practices in DevSecOps and cybersecurity to continually improve security posture.Assess, design, develop, test, and implement Business Continuity & Disaster Recovery (BC/DR) solutions into a complex environment.Basic Qualifications:US Citizen and at least a Top Secret Clearance8+ years of experience and a Bachelor’s or advanced degree in Computer Science or similar field. Additional experience may be considered in lieu of a degree.Strong understanding of software development paradigms and supporting technologies (e.g., change management & version control, CI/CD, Agile planning tools such as Jira or Gitlab)Strong experience configuring CI/CD pipelines supporting software development activities in a DevSecOps environmentStrong experience administering complex environments with Linux and Windows operating systems, network administration, and networking protocols/functions (e.g., HTTP, HTTPS, SSL/TLS, SMTP, DNS)Extensive experience integrating security tooling into a hybrid cloud environment, with a nuanced understanding of the capabilities and drawbacks of each componentExtensive experience provisioning and managing resources within hybrid IaaS/Cloud infrastructures (e.g., Azure, AWS, Google Cloud Platform, etc.)Extensive experience with container technologies such as Docker and container orchestration tools like KubernetesExperience with automated provisioning and configuration tools like Terraform, CloudFormation, Chef, Puppet, Ansible or similar technologiesExperience integrating cloud services into solutions, especially Azure cloud servicesExcellent problem-solving and analysis skills, including the ability to logically create structure and order from unstructured inputs.Self-starter that is able to work independently while possessing the communication skills to work effectively with software development teams and customers.Excellent interpersonal, verbal, and written communication skills.Preferred Qualifications:Experience with Air Force Life Cycle Management Center programs.Microsoft Certified: Azure Solutions Architect Expert or similar certification.Advanced certifications such as Certified Information Systems Security Professional (CISSP), Certified DevSecOps Engineer (CDE), or similar.Extensive experience with security tools and practices relevant to DevSecOps (e.g., SAST, DAST, IAST).Experience deploying, configuring, and managing DevSecOps toolchains for an enterprise.Familiarity with cloud platforms (e.g., AWS, Azure, Google Cloud) and their security frameworks.Strong understanding of container security and orchestration tools (e.g., Kubernetes).Experience delivering software solutions into high-security or air-gapped environments in defense or other highly regulated industries such as finance or healthcare.Experience with compliance standards (e.g., OWASP, NIST) and DoD security regulations.Proven ability to drive change and influence security culture across an organization.
#J-18808-Ljbffr
Senior DevSecOps Engineer
to support a fast-paced program with the Air Force Life Cycle Management Center. This role is critical in establishing robust security practices throughout the software development lifecycle and ensuring compliance with stringent security standards. The ideal candidate will have extensive experience in DevSecOps, strong leadership abilities, and a commitment to fostering a culture of security within the organization. This position offers an exciting opportunity to shape the security landscape of an Air Force program, ensuring the secure development of software in a dynamic and innovative environment.Primary Responsibilities:Lead the design and implementation of security practices within the DevOps pipeline for DoD applications, ensuring alignment with regulatory requirements.Evaluate and select security tools, integrating them into CI/CD workflows to enhance application security.Conduct advanced vulnerability assessments, threat modeling, and penetration testing to proactively identify and mitigate security risks.Collaborate with cross-functional teams to develop and promote secure coding practices, incident response plans, and security training.Mentor and guide junior and mid-level engineers, fostering knowledge sharing and professional growth within the team.Drive the automation of security testing and compliance processes, utilizing Infrastructure as Code (IaC) and security automation tools.Stay abreast of industry trends, emerging threats, and best practices in DevSecOps and cybersecurity to continually improve security posture.Assess, design, develop, test, and implement Business Continuity & Disaster Recovery (BC/DR) solutions into a complex environment.Basic Qualifications:US Citizen and at least a Top Secret Clearance8+ years of experience and a Bachelor’s or advanced degree in Computer Science or similar field. Additional experience may be considered in lieu of a degree.Strong understanding of software development paradigms and supporting technologies (e.g., change management & version control, CI/CD, Agile planning tools such as Jira or Gitlab)Strong experience configuring CI/CD pipelines supporting software development activities in a DevSecOps environmentStrong experience administering complex environments with Linux and Windows operating systems, network administration, and networking protocols/functions (e.g., HTTP, HTTPS, SSL/TLS, SMTP, DNS)Extensive experience integrating security tooling into a hybrid cloud environment, with a nuanced understanding of the capabilities and drawbacks of each componentExtensive experience provisioning and managing resources within hybrid IaaS/Cloud infrastructures (e.g., Azure, AWS, Google Cloud Platform, etc.)Extensive experience with container technologies such as Docker and container orchestration tools like KubernetesExperience with automated provisioning and configuration tools like Terraform, CloudFormation, Chef, Puppet, Ansible or similar technologiesExperience integrating cloud services into solutions, especially Azure cloud servicesExcellent problem-solving and analysis skills, including the ability to logically create structure and order from unstructured inputs.Self-starter that is able to work independently while possessing the communication skills to work effectively with software development teams and customers.Excellent interpersonal, verbal, and written communication skills.Preferred Qualifications:Experience with Air Force Life Cycle Management Center programs.Microsoft Certified: Azure Solutions Architect Expert or similar certification.Advanced certifications such as Certified Information Systems Security Professional (CISSP), Certified DevSecOps Engineer (CDE), or similar.Extensive experience with security tools and practices relevant to DevSecOps (e.g., SAST, DAST, IAST).Experience deploying, configuring, and managing DevSecOps toolchains for an enterprise.Familiarity with cloud platforms (e.g., AWS, Azure, Google Cloud) and their security frameworks.Strong understanding of container security and orchestration tools (e.g., Kubernetes).Experience delivering software solutions into high-security or air-gapped environments in defense or other highly regulated industries such as finance or healthcare.Experience with compliance standards (e.g., OWASP, NIST) and DoD security regulations.Proven ability to drive change and influence security culture across an organization.
#J-18808-Ljbffr