DevSecOps Engineer (Cyber Security Engineer)
![Premium Job From Nigel Frank International](/images/adverts_recruiters_150/nigel-frank.jpg)
Recruiter
Listed on
Location
Salary/Rate
Type
Start Date
This job has now expired please search on the home page to find live IT Jobs.
Cybersecurity Software Engineer - DevSecOps Specialist
One of our repeat clients is looking for an experienced DevSecOps Specialist to work with the global engineering and development teams as they develop a cutting-edge password-less and badge-less identity platform. This position is responsible for enabling a secure code base and ensuring static and dynamic code analysis in combination with penetration testing incorporation into sprint.
Location: Denver, CO
Responsibilities Include:
- Supporting code build Baseline Objectives and Optimization Measurements (BOOM) on security vulnerability survival time, net new arrival, burn-down, wait time, and escape rates from pre-production into production.
- Oversee continuous internal and external penetration testing and remediation. Utilize industry tools, including root-cause-analysis.
- Manage Security Operations Center (SOC) vendor relationship based on pre-defined service agreements. Heavy focus on automation, documentation, collaboration, and working with teams in Europe, USA, and Asia.
- Triage new incoming issues to determine the level of risk, and accordingly prioritize remediation in conjunction with the impacted service team.
Requirements:- 5+ years of experience in areas such as systems, network, and/or application security.- 3+ years of scripting/coding experience in Python.
- 3+ years of experience with GitHub, Jira, Docker, and Kubernetes.
- Prior experience operating applications on AWS.- Familiar with automated configuration management, provisioning, and IaC tools and concepts. (Terraform, Salt, etc.)
- Experience coordinating and performing penetration testing and vulnerability assessments using automated and manual tools.
- Deep knowledge of key management systems, certificate management, encryption, penetration testing, vulnerability scanning, security, and monitoring tools, etc.
- Experience with SIRP, SIEM, and IDS/IPS/WAF solutions.
- Ability to work with APIs to integrate security tooling into CI/CD pipelines, reports, and automated processes.
- Knowledge of common attack vectors including OWASP Top 10, DDoS, Phishing, etc.