Utah Staffing
DevSecOps Engineer
What success looks like in this role: DevSecOps Pipeline Design and Automation: Design and implement secure, automated CI/CD pipelines in AWS using tools like AWS CodePipeline, Jenkins, GitLab CI, and other DevOps tools while ensuring security is built into every phase of development, from code to production. Cloud Infrastructure Security: Architect, configure, and maintain secure AWS infrastructure using best practices in identity and access management (IAM), networking, encryption, and more, with a focus on risk mitigation and compliance. Security Integration: Integrate security tools and practices into the DevOps lifecycle, including code scanning, vulnerability assessments, compliance checks, and automated security testing. Security Monitoring and Incident Response: Continuously monitor AWS environments for security vulnerabilities and performance issues. Implement proactive monitoring tools (e.g., AWS CloudTrail, GuardDuty, AWS Security Hub) and lead incident response efforts to mitigate threats. Automation and Infrastructure as Code (IaC): Leverage tools like Terraform, AWS CloudFormation, and the AWS CLI to automate the deployment and management of secure infrastructure. Risk Management and Compliance: Ensure that AWS-based applications and systems adhere to industry standards and compliance frameworks (e.g., SOC 2, GDPR, PCI-DSS) by implementing and maintaining security controls and audits. Collaboration and Mentoring: Work closely with development, security, and operations teams to ensure seamless integration of security into the DevOps pipeline. Mentor and guide junior engineers on best practices for security in DevOps environments. Continuous Improvement: Stay up-to-date with the latest trends, tools, and best practices in DevSecOps, AWS, and cloud security. Proactively recommend improvements to systems and processes for better security posture, performance, and cost-efficiency. Documentation and Reporting: Maintain detailed documentation for DevSecOps processes, including security configurations, vulnerability reports, and incident responses. You will be successful in this role if you have: Experience: 2-3 years of hands-on experience in DevOps, with at least 1 year focusing on AWS cloud environments and security integration in the DevOps lifecycle. AWS Services Expertise: Strong knowledge of core AWS services, including EC2, VPC, IAM, Lambda, S3, RDS, and CloudWatch. Experience with security-focused AWS services such as AWS Security Hub, GuardDuty, and KMS is required. DevOps Tools: Proficiency in DevOps tools for CI/CD pipelines, including AWS CodePipeline, Jenkins, GitLab CI, or similar. Experience with containerization and orchestration tools (e.g., Docker, Kubernetes, Amazon EKS). Security Tools and Practices: Experience with automated security tools such as Snyk, Checkmarx, SonarQube, or others for static and dynamic code analysis, as well as infrastructure scanning tools like AWS Config and Prisma Cloud. Infrastructure as Code (IaC): Hands-on experience using Terraform, AWS CloudFormation, or similar IaC tools to automate secure cloud infrastructure. Compliance and Risk Management: Expertise in implementing security controls, vulnerability management, and compliance frameworks (SOC 2, ISO 27001, GDPR, PCI-DSS, etc.) in cloud environments. Security Architecture and Practices: Strong understanding of security best practices including encryption (at rest and in transit), identity and access management (IAM), network segmentation, and secure coding practices. Scripting and Automation: Proficiency in scripting languages (Python, Bash, or PowerShell) for automation of security and operational tasks.
What success looks like in this role: DevSecOps Pipeline Design and Automation: Design and implement secure, automated CI/CD pipelines in AWS using tools like AWS CodePipeline, Jenkins, GitLab CI, and other DevOps tools while ensuring security is built into every phase of development, from code to production. Cloud Infrastructure Security: Architect, configure, and maintain secure AWS infrastructure using best practices in identity and access management (IAM), networking, encryption, and more, with a focus on risk mitigation and compliance. Security Integration: Integrate security tools and practices into the DevOps lifecycle, including code scanning, vulnerability assessments, compliance checks, and automated security testing. Security Monitoring and Incident Response: Continuously monitor AWS environments for security vulnerabilities and performance issues. Implement proactive monitoring tools (e.g., AWS CloudTrail, GuardDuty, AWS Security Hub) and lead incident response efforts to mitigate threats. Automation and Infrastructure as Code (IaC): Leverage tools like Terraform, AWS CloudFormation, and the AWS CLI to automate the deployment and management of secure infrastructure. Risk Management and Compliance: Ensure that AWS-based applications and systems adhere to industry standards and compliance frameworks (e.g., SOC 2, GDPR, PCI-DSS) by implementing and maintaining security controls and audits. Collaboration and Mentoring: Work closely with development, security, and operations teams to ensure seamless integration of security into the DevOps pipeline. Mentor and guide junior engineers on best practices for security in DevOps environments. Continuous Improvement: Stay up-to-date with the latest trends, tools, and best practices in DevSecOps, AWS, and cloud security. Proactively recommend improvements to systems and processes for better security posture, performance, and cost-efficiency. Documentation and Reporting: Maintain detailed documentation for DevSecOps processes, including security configurations, vulnerability reports, and incident responses. You will be successful in this role if you have: Experience: 2-3 years of hands-on experience in DevOps, with at least 1 year focusing on AWS cloud environments and security integration in the DevOps lifecycle. AWS Services Expertise: Strong knowledge of core AWS services, including EC2, VPC, IAM, Lambda, S3, RDS, and CloudWatch. Experience with security-focused AWS services such as AWS Security Hub, GuardDuty, and KMS is required. DevOps Tools: Proficiency in DevOps tools for CI/CD pipelines, including AWS CodePipeline, Jenkins, GitLab CI, or similar. Experience with containerization and orchestration tools (e.g., Docker, Kubernetes, Amazon EKS). Security Tools and Practices: Experience with automated security tools such as Snyk, Checkmarx, SonarQube, or others for static and dynamic code analysis, as well as infrastructure scanning tools like AWS Config and Prisma Cloud. Infrastructure as Code (IaC): Hands-on experience using Terraform, AWS CloudFormation, or similar IaC tools to automate secure cloud infrastructure. Compliance and Risk Management: Expertise in implementing security controls, vulnerability management, and compliance frameworks (SOC 2, ISO 27001, GDPR, PCI-DSS, etc.) in cloud environments. Security Architecture and Practices: Strong understanding of security best practices including encryption (at rest and in transit), identity and access management (IAM), network segmentation, and secure coding practices. Scripting and Automation: Proficiency in scripting languages (Python, Bash, or PowerShell) for automation of security and operational tasks.