Neocova is looking to bring on a SecDevOps engineer who knows how to ensure security across a CI/CD pipeline and engineer AWS platforms, and who has a passion for solving cybersecurity engineering challenges. You will work collaboratively with internal teams to automate and streamline our operations and processes, and to deploy, manage, and maintain systems and infrastructure. In conjunction with the Cyber Security Architect, and infrastructure and development teams, you will ensure that building, testing, and releasing software happens rapidly and frequently with minimal re-work. You will focus on process improvements to drive and utilize metrics for increasing efficiency while always keeping security tightly integrated into the SDLC.
The SecDevOps Engineer provides a high level of technical expertise for the implementation of enterprise security controls for cloud computing, telecommunications, data networks, systems, and applications in the regulated financial sector. A key function of this position is to enable consistency in security services for addressing business requirements. Additionally, the Engineer will consult with operational departments on approved security controls to ensure adherence to industry best practices, Financial Regulator, US, State, and local laws, codes, rules, regulations, policies and procedures.
This job may include the following job duties and is not an all-inclusive list of all job duties that may be required. Employees will be required to perform other related duties as assigned.
Plan, deploy and manage security systems and infrastructure within Amazon Web Services to support the rapid development, testing and deployment of products and align security, compliance, performance and resilience.
Streamline and integrate security operations for developers.
Build and maintain a set of tools that enable developers to self-serve for most operational tasks.
Look for improvement opportunities for long-term SecDevOps practices and lead change to remove impediments.
Contribute to the agile software program to deliver Secure Development Operations.
Collaborate with program development and test engineers to understand CI/CD requirements.
Serve as a liaison to facilitate technical exchanges in meetings and identify and coordinate requirements.
Provide expertise and guidance in the development of SecDevOps culture, process, pipeline and platform behaviors and implement Continuous Integration, Continuous Delivery and automation efforts.
Support the selection of the best SecDevOps tools and processes to optimize technologies for rapid and stable deployment.
Drive the adoption of best practices and standards to integrate SecDevOps into the environment.
Serve as the primary technical resource for the implementation, maintenance, and administration of SecDevOps toolchain infrastructure.
Build and maintain monitoring, auditing, and reporting infrastructure using industry standards and best practices that produce artifacts to support security and compliance requirements.
Work with other team members on tactical troubleshooting steps and ‘quickest path to resolution’.
Identify bottlenecks and bugs and devise elegant solutions.
Participate in the full software development lifecycle, working within broadly defined parameters.
Proactively contribute to the quality of the product by seeking and proposing new or alternate approaches to address the requirements.
Maintain and enhance infrastructure-as-code to support Information Security visibility and configuration management objectives.
Configure cybersecurity systems to monitor and protect container-based computing applications.
Participate and provide support during high priority cybersecurity incidents.
Participate in the development of comprehensive multi-year cybersecurity strategies with technical implementation guidance.
Contribute to the development and delivery of conceptual and detailed security design artifacts for back-end and client-facing technology solutions.
Perform security technology research along with the Cyber Security Architect for strategic, tactical, and operational business needs and deliver research results to internal stakeholders through formal deliverables and verbal dialog while adjusting the message based on the audience’s acumen on the subject.
Minimum education and/or experience:
Bachelor’s degree in computer science or other technical/scientific discipline. Equivalent work experience will be considered as an acceptable alternative.
4 years’ related work experience including:
- 2 years’ experience with cloud services and solutions including hardening and instrumentation of these environments for monitoring and security (AWS, GCP, Azure)
- 2 years’ experience with automation solutions.
Fundamental understanding of the underlying protocols and data used for security monitoring services, such as TCP/IP and HTTPS.
Familiarity with cyber security fundamentals and ability to apply them to real world systems
Awareness of cybersecurity trends and hacking techniques.
Excellent problem solving, troubleshooting, organizational, and verbal/written communication skills
Intermediate or higher skills and experience with common operating systems such as MacOS and Linux
Intermediate or higher experience with workflow automation tools and applied scripting and programming supporting SecDevOps environments using Terraform, Node.js, Bash, Python, and Python Libraries related to automation, ingestion and production
Experience working with JSON or YAML to write Infrastructure as Code.
Experience with git distributed version control system (Bitbucket, GitHub)
Experience with SecDevOps tool implementation and administration (Jira, Confluence, Nexus, Bitbucket)
Experience in Agile-based software development, including Agile ceremonies (Scrum, Kanban, SAFe)
Focused on automation: Wherever possible, you look for ways to automate manual processes to increase efficiency, speed, and operability of tasks.
The successful candidate has the ability to think with a security mindset, and has a strong information security and technology background. The SecDevOps Engineer is expected to have meticulous attention to detail, outstanding problem-solving skills, work comfortably under pressure and deliver on tight deadlines.
Thorough knowledge of common security standards to include NIST Cybersecurity Framework, NIST 800-53, ISO 27001, and COBIT and their application within a regulated financial sector institution.
Hands-on AWS experience.
Experience with MongoDB Atlas.
Experience protecting sensitive information under various privacy laws including GLBA and CCPA.
Familiarity with container orchestration services, especially Kubernetes.
Experience with Application Security controls including design, dynamic scans and static code analysis.
Experience with encryption technologies (PGP, PKI and X.509).
Technical understanding of forensic, malware and vulnerability assessment tools.
Identity and access management (IAM) experience including LDAP, Multi-factor Authentication (MFA) and Single Sign On (SSO) solutions.
Ability to articulate business risk associated with identified security weaknesses to senior management.
Strong conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
Ability to express complex technical concepts effectively, both verbally and in writing.
Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT and business personnel.
Proficient with GSuite.
Knowledge of Lean management methodology.
Previous military, law enforcement, or national security experience. Government Security Clearance is a plus.
Professional network and/or security certifications a plus (i.e., GIAC, CISSP, CISA, CISM, CRISC, CCSP, Security+).