Education:
Bachelor of Science (BS) degree or greater in Computer Engineering, Electrical Engineering, or Systems Engineering.
DevSecOps Engineer
Seeking a highly skilled DevSecOps Engineer with expertise in technical, operational, and security risk analysis and security automation in a Kubernetes environment.
Job Description
Docker / Kubernetes
- Expertise in securing large-scale production Kubernetes (K8s) environments supporting DevSecOps teams, and a solid understanding of how Docker / Kubernetes works, including concepts such as cgroups, namespaces, cAdvisor, Heapster, container-SELinux, CoreDNS, etc.
- Expertise in K8s pod security policy, including experience in writing, maintaining, and deploying pod security policies in a multi-tenant Kubernetes (K8s) environment
- Expertise in container networking, including the implementation of service meshes and network policies to support micro-segmentation/mutual TLS in a Kubernetes (K8s) environment using tools such as Istio, Calico, AWS App Mesh, etc.
- Expertise in the end-to-end container image lifecycle, including build, hardening, signing, vulnerability scanning, and container image repository management using tools such as Anchore, Twistlock, Aqua, Notary, Grafeas, etc.
- Expertise in collecting and analyzing logs in Kubernetes (K8s) for a variety of purposes, including ascribing a change to a particular user, detecting anomalous behaviors, and root cause analysis
- Expertise with Kubernetes automated security testing approaches such as KubeTest, KubeHunter, kubeaudit, kaudit, etc., and container runtime security tools such as Twistlock, Aqua, StackRox, etc.
DevSecOps
- Expertise in securing and managing production workloads in the Amazon cloud, including services such as EKS, ECS, ECR, IAM, Secrets Manager, KMS, etc.
- Expertise in writing IaC code using Terraform, Ansible, Packer, etc., and demonstrating good software development practices such as branching strategy and test-driven development. Experience in testing infrastructure code leveraging tools such as Test Kitchen, etc.
- Expertise in working with CI/CD tools and pipelines such as Jenkins, GitHub, CircleCI, Gitflow, and artifact repositories
- Expertise in working with scripting languages such as Python, Golang, JavaScript, etc.
- Expertise in integrating security checks and security tools, such as vulnerability scanners and static/dynamic code scanning, in the application deployment pipeline
- Expertise in securing and hardening Docker and Kubernetes. Understanding of security benchmarks such as the CIS benchmarks.
- Expertise in change reviews, code review, production release review from a security perspective
- DevOps practices and collaboration tools such as Trello, Jira, sprint planning, task ownership, comfortable in customer-facing roles. Familiar with agile release train concept and methodology
Security Generalist
- Expertise in Cloud security fundamentals, including cryptography and the shared responsibility model
- Expertise in AWS security principles and services, including EKS, ECS, AWS Config, AWS IAM, AWS KMS, AWS networking, AWS GuardDuty, AWS CloudTrail, VPC Flow Logs, Inspector, WAF, CloudHSM, etc., from a security perspective
- Expertise and knowledge of common security domains such as network security, data encryption, certificate management, authentication/authorization, application security, change management, etc.
- Familiarity with different security/compliance frameworks such as NIST 800-53, PCI, CIS, etc.