Washington DC
Remote
C2C Rate is $70
H1B / GC / Citizen
Job Duties:
• Collaborate with cross-functional teams to design, implement, and maintain secure and scalable DevSecOps pipelines that integrate continuous integration, continuous delivery (CI/CD), and security practices.
• Automate deployment, configuration, and monitoring of infrastructure and applications using modern tools and technologies.
• Implement and enforce security controls and best practices throughout the software development lifecycle.
• Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security vulnerabilities.
• Ensure compliance with industry standards and regulatory requirements related to security and privacy.
• Integrate security tools and practices, such as static analysis, dynamic analysis, and container security, into the CI/CD pipeline.
• Monitor and respond to security incidents and alerts, coordinating with relevant teams to implement timely solutions.
• Provide technical expertise and guidance to development and operations teams on security best practices and risk mitigation strategies.
• Stay up to date with emerging security threats and vulnerabilities, and proactively recommend solutions to address potential risks.
• Collaborate with the development team to ensure that security is incorporated into the design and architecture of applications.
• Participate in code reviews, identify security flaws, and suggest remediation strategies.
• Document processes, procedures, and best practices to improve team knowledge and efficiency.
Key Skills Required:
• Proven experience as a DevSecOps Engineer, Security Engineer, or similar role.
• Must have experience in container hardening and container building (such as IronBank).
• Experience with Node.js, npm, and yarn.
• Experience with React, Docker, Java, and .NET.
• Hands-on experience working with an IDP, including predefined templates for environments and pipelines, testing and staging environments, integration with CI/CD tools, and monitoring and logging capabilities.
• Experience with DevSecOps, CI/CD, application modernization, and/or cloud-native application development will provide a useful context for the work that needs to be done.
• Strong knowledge of DevOps principles and practices, as well as software development methodologies.
• Familiarity with cloud computing platforms (e.g., AWS, Azure, Google Cloud) and infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation).
• Experience with containerization technologies such as Docker and Kubernetes.
• Proficiency in scripting and automation using languages such as Python, PowerShell, or Bash.
• Knowledge of security frameworks and compliance standards (e.g., NIST, CIS, OWASP).
• Hands-on experience with security tools such as vulnerability scanners, intrusion detection systems, and log analysis tools.
• Relevant certifications such as Certified DevSecOps Engineer, Certified Information Systems Security Professional (CISSP), or equivalent, are a plus.
Sr DevSecOps Engineer
Job Duties:
• Collaborate with cross-functional teams to design, implement, and maintain secure and scalable DevSecOps pipelines that integrate continuous integration, continuous delivery (CI/CD), and security practices.
• Automate deployment, configuration, and monitoring of infrastructure and applications using modern tools and technologies.
• Implement and enforce security controls and best practices throughout the software development lifecycle.
• Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security vulnerabilities.
• Ensure compliance with industry standards and regulatory requirements related to security and privacy.
• Integrate security tools and practices, such as static analysis, dynamic analysis, and container security, into the CI/CD pipeline.
• Monitor and respond to security incidents and alerts, coordinating with relevant teams to implement timely solutions.
• Provide technical expertise and guidance to development and operations teams on security best practices and risk mitigation strategies.
• Stay up to date with emerging security threats and vulnerabilities, and proactively recommend solutions to address potential risks.
• Collaborate with the development team to ensure that security is incorporated into the design and architecture of applications.
• Participate in code reviews, identify security flaws, and suggest remediation strategies.
• Document processes, procedures, and best practices to improve team knowledge and efficiency.
Key Skills Required:
• Proven experience as a DevSecOps Engineer, Security Engineer, or similar role.
• Must have experience with internal developer platforms (Backstage), with JavaScript, and with the JavaScript build process using npm.
• Must have experience with script builds using npm.
• Experience with Node.js, npm, and yarn.
• Experience with React, Docker, Java, and .NET.
• Hands-on experience working with an IDP, including predefined templates for environments and pipelines, testing and staging environments, integration with CI/CD tools, and monitoring and logging capabilities.
• Experience with DevSecOps, CI/CD, application modernization, and/or cloud-native application development will provide a useful context for the work that needs to be done.
• Strong knowledge of DevOps principles and practices, as well as software development methodologies.
• Familiarity with cloud computing platforms (e.g., AWS, Azure, Google Cloud) and infrastructure-as-code (IaC) tools (e.g., Terraform, CloudFormation).
• Experience with containerization technologies such as Docker and Kubernetes.
• Proficiency in scripting and automation using languages such as Python, PowerShell, or Bash.
• Knowledge of security frameworks and compliance standards (e.g., NIST, CIS, OWASP).
• Hands-on experience with security tools such as vulnerability scanners, intrusion detection systems, and log analysis tools.
• Relevant certifications such as Certified DevSecOps Engineer, Certified Information Systems Security Professional (CISSP), or equivalent, are a plus.