DevSecOps Engineer SME (IMC00588)

The DevSecOps engineer SME will support and provide expertise to a successful cybersecurity and privacy program for a government customer. The DevSecOps engineer SME will be responsible for designing, implementing, and maintaining secure systems and networks. The SME will work closely with cross-functional teams, including IT, network engineering, and cybersecurity, to ensure that systems and networks are secure, compliant with applicable regulations, and protected against unauthorized access and other security risks.

Duties/Responsibilities: This position will include, but is not limited to, the following tasks:

• Configure and build Kubernetes clusters (EKS) implementing security best practices.
• Create CI/CD pipelines for application builds and security use cases leveraging GitLab CI.
• Use GitOps process builds leveraging Flux CD, creating security configurations for application and improvements to currents designs.
• Administer and improve the security pipeline for static application security testing (SAST), dynamic application security testing (DAST), vulnerability and compliance checks, and overall strategy of deployment.
• Assist with configuration and design of APP Mesh and micro-service design from a security perspective.
• Containerize security tools.
• Develop Terraform modules for security needs, to include Kubernetes cluster builds (EKS) and general AWS resources.
• Perform as a part of Agile development teams to deliver an end-to-end automation of deployment, monitoring, and infrastructure management in a cloud environment.
• Build and configure delivery environments supporting CD/CI tools using an Agile delivery methodology.
• Create scripts and/or templates to automate and/or bootstrap infrastructure provisioning and management tasks.
• Work closely with development team to create an automated continuous integration (CI) and continuous delivery (CD) system.
• Work together with vendors and other IT personnel for problem resolution.
• Monitor and support all installed systems and infrastructure.
• Develop custom scripts to increase system efficiency and lower the human intervention time on any tasks.
• Contribute to the design of information and operational support systems.
• Evaluate application performance, identify potential bottlenecks, develop solutions, and implement them with the help of developers.

Basic Required Qualifications and Skills:  Note: These are mandatory items that all candidates must have when making application to IMC for this position. Please ensure that your submission addresses each of these requirement items. Candidates without these required elements will not be considered.

• Bachelor's degree in business, information technology, or related field of study.
  • 10 years of experience in computer security may substitute for degree.
• Seven or more years of experience in cybersecurity.  
• At start date, must possess one of the following professional certifications in ACTIVE status: CISM, CISSP, GSLC, CEH, LPT, CPT (similar level certifications considered on a case-by-case basis).
• Experience with the following:
  • GitLab CI and creating templates and multi-stage pipelines.
  • Kubernetes best practices and App Mesh (Istio).
  • Creating organizational golden images and implementing security and hardening needs.
  • OPA and Kubescan for compliance and hardening.
  • Terraform and creating modules.
  • Prometheus for monitoring and writing scrape jobs to ingest security appropriate metrics.
  • GitOps especially Flux and its best practices to improve processes and delivery.
  • Fully automating CI/CD pipelines end-to-end, from code commits to production.
  • Deploying and monitoring web applications in AWS.
  • Infrastructure as Code and infrastructure testing strategies.
  • Systems reliability, load balancing, monitoring, logging.
  • Secure development, coding, and engineering practices.
• Strong scripting skills, including shell scripts, Perl, Ruby, Python, Go, Groovy, Helm, etc.
• Excellent knowledge of networking technologies, particularly with OSI network layers and TCP/IP.
• Excellent oral, written, and verbal communication skills.
• Knowledge of:
  • NIST Cybersecurity and Risk Management frameworks and associated requirements.
  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Cybersecurity/privacy principles and cyber threats and vulnerabilities.
• Pursuant to a government contract, this specific position requires U.S. Citizenship.
• Must possess or be able to obtain a federal background investigation of Tier 4 Critical Non-Sensitive (Form SF 85P).

Desired Qualifications and Skills:  It is desirable that the candidate has the following qualifications:

Experience in one or more of the following areas:

• Zero Trust,
• AWS Certified Architect,
• Cyber program analysis,
• Cyber development, engineering, and architecture,
• Splunk engineering and administration,
• Crafting and authoring cyber policy, and/or
• Linux administration.