Remote
Contractual
Role: DevSecOps Engineer
Employment Type: Contractual
Work Location: 100% Remote
Experience: 4 to 8 Years
Duration: Minimum 6 months
Key Responsibilities and Required Skills:
FedRAMP Compliance: Ability to learn and interpret FedRAMP Moderate controls documentation, integrating those requirements into processes and systems to ensure compliance.
AWS System Hardening: Experience in hardening AWS systems and services by applying Security Technical Implementation Guides (STIGs) and other industry best practices to improve cloud infrastructure security.
Infrastructure Code Security: Proficiency in identifying and fixing security vulnerabilities in Infrastructure-as-Code (Terraform) configurations, ensuring that provisioning scripts follow secure coding standards.
Vulnerability Patching: Regular application of security patches and updates to servers, applications, and dependencies to mitigate known vulnerabilities and maintain system integrity.
Security Scanning & Remediation: Assistance in running security scans (e.g., using Snyk and other tools) on codebase and container images, and timely remediation of discovered vulnerabilities.
Documentation for Certification: Development of new security processes and procedure documents required for FedRAMP Moderate certification, including policies, standard operating procedures, and compliance evidence.
Security Testing: Ability to perform security testing on both infrastructure and applications (e.g., configuration reviews, penetration testing coordination, code security reviews) to proactively identify and address security issues.
DevSecOps Expertise: Proven experience in a DevSecOps or security-focused DevOps role, with hands-on knowledge of integrating security into CI/CD pipelines and cloud environments.
AWS Security Knowledge: Strong familiarity with AWS services and security features, including experience hardening cloud resources (applying STIGs or similar security benchmarks).
Infrastructure as Code: Experience with Terraform (or similar IaC tools) and a deep understanding of how to secure infrastructure code, including detecting and fixing misconfigurations in Terraform scripts.
Vulnerability Management: Proficiency with vulnerability scanning tools (e.g., Snyk, Nessus) and patch management processes, with a track record of remediating findings promptly.
Compliance Awareness: Basic knowledge of FedRAMP, NIST 800-53, or similar security frameworks is highly beneficial (no specific certification required, but a willingness to learn and apply these standards is expected).
Documentation Skills: Ability to create clear and detailed security documentation, runbooks, and standard operating procedures that align with compliance requirements.
Problem-Solving: Strong troubleshooting skills and a proactive approach to identifying and resolving security issues across both infrastructure and application layers.
Communication: Excellent communication and collaboration skills, with the ability to work effectively in a remote team environment and report on security posture to stakeholders.
HireAlpha