Damco Solutions
Sr DevOps Engineer (Cloud Security) Job at Damco Solutions in The Colony
Damco Solutions, The Colony, TX, US
Sr DevOps Engineer (Cloud Security) Frisco, TX (Onsite / REMOTE) Contract Job Description: Skill Description Level (Advance, Intermediate, beginner) Hands-on Development in Programming Languages Worked on python for automating the infrastructure deployments. Cloud Security Worked on AWS security hub, IAM, PrivateLink IAM (Identity and Access Management) Worked on creating IAM roles, policies, permission boundaries RBAC (Role-Based Access Control) implemented RBAC systems to define and enforce role-based permissions for users, ensuring secure and granular access control across applications and services. Security Monitoring Solutions Designed and deployed comprehensive security monitoring solutions using tools such as Splunk, AWS CloudTrail, AWS GuardDuty, and Azure Security Center to detect and respond to potential threats in real time GitOps Worked on Github actions and Gitlab DevOps Models Worked on various devops tools , implemented CI-CD for infrastructure and application deployment. Platform Development Integrated diverse microservices, APIs, and databases to create a unified platform supporting modular development and deployment. Composition Development Implemented microservices architecture to compose and orchestrate complex applications, enabling independent service development, deployment, and scaling. OPA (Open Policy Agent) Created automated security baselines and configurations using Open Policy Agent and AWS Config Rules to maintain adherence to internal and external regulatory requirements utomation Designed and enforced cloud security best practices, including identity and access management IAM, VPC, Security Groups, NACLs and data encryption, across public cloud environments. Public Cloud Infrastructure Security utomated the detection and remediation of security vulnerabilities, misconfigurations, and compliance issues across cloud environments using security tools like AWS Config. Profile 1: Good understanding of IAM concepts; Knowledge of security concepts (with zero-trust design principles as plus); Hands-on experience designing and implementing for information security on public cloud; Strong knowledge of security across layers (OS, network, application, data, container, CI/CD, etc.); Experience with Wiz (or similar CNAPP solutions) would be a plus; Experience with designing and implementing SIEM/SOAR solution would be plus; Hands-on experience with CSP security tools (like AWS Security Hub, Azure Security Center or GCP Security Command Center) would be plus; Proficiency in Python or Golang for security, automation or observability engineering; Hands-on experience with automation and development; Ability to work independently and collaboratively; Profile 2: Deep understanding of cloud computing, including virtualization, containerization, and microservices; Understanding of all basic CSP (AWS, Azure or GCP) services; Understanding of security concepts - Kubernetes security, IAM security, container security, network security, auditing, data protection, and CI/CD security; Experience designing and authoring policy as code (OPA/ Cedar) or CSP Service Control Policies; Proficiency in Python or Golang for security, automation or observability engineering; Experience in devops and agile for solution delivery through CI/CD; Hands-on experience with automation and API development; Ability to work independently and collaboratively Cloud AWS , Azure and GCP ( Strong knowledge in any of these platforms). Strong experience in security services (for eg: IAM, Security hub, Security Center) in any of the cloud platform. Python or Golang skills in API development. Strong knowledge of security across layers (OS, network, application, data, container, CI/CD, etc.)