DevSecOps Engineer
Description
Background Information:
Innovative Defense Technologies (IDT), provider of automated software testing, data analysis, and cybersecurity solutions for complex, mission-critical systems for the US Department of Defense (DOD) and commercial customers, is seeking a DevSecOps Engineer to be based in our Arlington, VA office. This individual will work with senior leadership and a fast-paced team of mission-focused engineers to solve some of our customers’ toughest challenges. Initiative, creativity, reliability, and efficient teamwork will be required to successfully deliver innovative solutions in this dynamic customer space.
Overview:
At IDT, we are committed to delivering cutting-edge defense solutions that protect and empower our nation's security. As a leading provider of advanced technologies, we strive to stay ahead in an ever-changing landscape. We are seeking a skilled and driven DevSecOps (Development, Security, and Operations) Engineer to join our dynamic team and ensure the highest level of security and efficiency in our software products’ development and deployment processes.
This job requires a unique blend of skills from development, security, and operations domains. The successful candidate will contribute to building a high-quality and innovative Secured Software Supply Chain (S3C) that provides IDT engineering teams with the tools and environments that foster innovation for our customers by reducing the friction in building and testing our software products and enabling feedback throughout the software development life cycle.
As a member of the IDT DevSecOps team, you will engage in various tasks throughout the year. Objective Key Results (OKRs) are planned out for the year, with a focus on improving areas such as the stability of the S3C and reducing or removing constraints for engineers in producing secure, quality products. Ad-hoc tasks also arise, ranging from shifting OKR priorities due to critical business needs to recovering from a server power failure. All DevSecOps teammates contribute to the overarching goals while bringing specific areas of expertise to the team.
All applicants must currently possess an active U.S. Security Clearance.
Responsibilities Include:
- Infrastructure as Code (IaC): Develop and maintain automation for provisioning and updating the S3C stack and Kubernetes based deployments.
- Security Automation: Develop and maintain automated security testing processes, including static code analysis, static application security testing (SAST), software composition analysis (SCA), and security scanning for containers and infrastructure.
- CI/CD Pipeline Security: Integrate security checks at various stages of the CI/CD pipelines to ensure that security assessments are performed automatically during code build, testing, and deployment.
- Infrastructure Security: Implement security controls and best practices for cloud infrastructure, virtual machines, and container environments to safeguard against unauthorized access and data breaches in the S3C.
- Vulnerability Management: Identify, prioritize, and remediate security vulnerabilities across the development and testing environments. This includes coordinating with developers and operations teams to address critical issues promptly.
- Security Compliance: Work with our internal Cyber/Compliance/SECOPs groups to ensure that software and infrastructure meet relevant security compliance standards and regulations, such as DISA STIGs.
- Identity and Access Management (IAM): Manage access controls and permissions for users and applications, employing principles like least privilege and role-based access control (RBAC).
- Collaboration and Communication: Work closely with development, security, and operations teams to foster a culture of collaboration and shared responsibility for security.
- Continuous Improvement: Continuously evaluate and enhance our DevSecOps practices, tools, and processes to adapt to evolving security threats and industry best practices.
Minimum Required Qualifications:
- Minimum 5 years’ experience in DevOps/DevSecOps or full stack software development and test
- B.S. in a software engineering field
Required Skills:
- Experience with containerization technologies like podman and Docker
- Experience with virtualization (hypervisor) environments such as VMware
- Experience with Linux and Windows
- Experience with software development processes, version control systems (e.g., Git), and coding and scripting languages such as Python, Ruby, JavaScript, Shell scripting, etc.
- Experience working with software development tools such as Jenkins, Maven, Gradle, Nexus, etc.
- Working knowledge of Dev[Sec]Ops and CI/CD practices
- Familiarity with Infrastructure as Code (IaC) and automation tools such as Ansible or Puppet
- Familiarity with various security concepts, vulnerabilities, and best practices
- Ability to travel approximately 10%
Preferred Skills:
- Experience in DevSecOps and CI/CD
- Experience with Infrastructure as Code (IaC) and automation software such as Ansible or Puppet
- Experience with security testing tools such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), and other vulnerability scanning tools
- Familiarity with container orchestration platforms like Kubernetes
- Familiarity with common security threats and how to mitigate them, as well as with security frameworks and standards like OWASP and NIST
- Familiarity with industry-specific security compliance standards and regulations, such as DISA.
- Familiarity with network security concepts, firewalls, VPNs, and intrusion detection/prevention systems (IDS/IPS)
- Knowledge of authentication mechanisms (e.g., OAuth, SAML) and authorization protocols (e.g., RBAC, ABAC).
Competencies:
- Excellent communication skills and the ability to work effectively in a collaborative, fast-paced, and mission-driven environment
- Excellent problem-solving skills and the ability to think critically about security risks
- A willingness to adapt to new technologies and stay up to date with the latest security trends and best practices
- The ability to work independently while thriving in a team environment
EEO Statement:
IDT is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, protected Veteran status, or any other basis protected by federal, state, or local law.