Diverse Lynx

DevSecOps Engineer @ Richardson, TX or Woonsocket, RI

Diverse Lynx, Richardson, Texas, United States, 75080


DevSecOps Engineer, Richardson, TX or Woonsocket, RI (Onsite, Contract)

Interview Process: 1 internal + 2 client rounds

Job Summary: The DevSecOps Engineer integrates security practices into the DevOps process, ensuring that software development, deployment, and operations are secure from end to end.

Experience: 6-10 yrs

Required Skills:

Programming & Scripting
• Python, Bash, Go, Ruby, JavaScript
• Regular expressions for parsing and automation

Security Fundamentals
• Cryptography (TLS, SSL, encryption standards)
• Authentication & Authorization (OAuth2, SAML, JWT)
• Secure coding practices and OWASP Top 10

Cloud Security
• Identity and Access Management (IAM)
• Cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center)
• Cloud workload protection platforms (CWPP)

Container & Orchestration Security
• Docker security best practices
• Kubernetes RBAC, Network Policies, Pod Security Standards
• Container scanning tools (e.g., Anchore, Sysdig)

Networking & Firewalls
• VPNs, proxies, load balancers
• Network segmentation and zero-trust architecture

Compliance & Auditing
• SOC 2, PCI-DSS, HIPAA, GDPR
• Audit logging and forensic analysis

Tools & Platforms:

Security Testing
• Static Analysis: SonarQube, Semgrep, Fortify
• Dynamic Analysis: OWASP ZAP, Burp Suite
• Dependency Scanning: Snyk, WhiteSource, Mend.io
• Secrets Detection: GitLeaks, TruffleHog

CI/CD & Automation
• Jenkins, GitHub Actions, GitLab CI, CircleCI
• ArgoCD, Spinnaker

Cloud Platforms
• AWS, Azure, Google Cloud Platform (GCP)
• HashiCorp Vault (for secrets management)
• Terraform, Pulumi (Infrastructure as Code tools)

Monitoring & Logging
• Prometheus, Grafana
• ELK Stack (Elasticsearch, Logstash, Kibana)
• Splunk, Datadog

Vulnerability Management
• Qualys, Nessus, OpenVAS
• Prisma Cloud, Aqua Security

Identity & Access Management
• Okta, Auth0, AWS IAM
• Keycloak

Responsibilities:

1. Security Integration in CI/CD Pipelines
• Embed security checks (e.g., SAST, DAST, SCA) into continuous integration and deployment workflows.
• Automate vulnerability scanning and remediation.

2. Infrastructure as Code (IaC) Security
• Secure IaC templates (e.g., Terraform, CloudFormation).
• Implement policies to prevent misconfigurations and enforce compliance.

3. Monitoring & Incident Response
• Set up security monitoring tools (e.g., SIEM, IDS/IPS).
• Respond to security incidents and perform root cause analysis.

4. Threat Modeling & Risk Assessment
• Conduct threat modeling during design and development phases.
• Assess risks and recommend mitigation strategies.

5. Tooling & Automation
• Select and integrate security tools (e.g., SonarQube, Aqua Security, HashiCorp Vault).
• Automate security tasks to reduce manual effort and human error.

6. Compliance & Governance
• Ensure adherence to standards like ISO 27001, NIST, GDPR, HIPAA.
• Maintain audit trails and documentation for compliance.

7. Collaboration & Training
• Work closely with developers, operations, and security teams.
• Educate teams on secure coding practices and DevSecOps principles.

Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.