🚀 Launch your SaaS fast, with Larafast.

Production ready Laravel Starter Kit with everything that you need to start your next SaaS project, AI Wrapper or any other web application.

Launch Your SaaS Fast

DevSecOps Engineer (Top Secret Clearance Required)

Latitude

Washington, DC

On-site

Contract -to - Hire

Salary: USD130,000.00 - USD168,000.00

Moderate

Summary

Responsibilities

Embed security controls, processes, and tools into the DevOps pipeline.
Develop and maintain secure infrastructure using IaC tools.
Implement and manage security monitoring tools and automated incident response playbooks.
Conduct security training and awareness sessions for development and operations teams.
Ensure compliance with relevant regulatory requirements and maintain detailed documentation.

Requirements

Active Top Secret clearance or higher.
Experience with security testing automation and IaC tools.
Knowledge of compliance standards such as GDPR, HIPAA, and PCI-DSS.

Benefits

Competitive salary range of $130,000 - $168,000 a year.
Opportunity for contract-to-hire position.
Collaborative work environment with emphasis on security integration.

Apply Now

👉 Please mention that you found this job on CalmJobs, thanks!

Full Details of Job Post

Job Summary:

The DevSecOps Engineer is responsible for integrating security practices into the DevOps pipeline. This role involves collaborating with development, operations, and security teams to ensure that security is embedded throughout the software development lifecycle. The DevSecOps Engineer will design, implement, and manage security automation, monitoring, and response strategies to safeguard the organization’s infrastructure and applications. This is a 6 month contract to hire and requires an active Top Secret clearance or higher.

Responsibilities:

Security Integration:
Embed security controls, processes, and tools into the DevOps pipeline.
Ensure that security is an integral part of the CI/CD processes.
Implement security testing automation (e.g., SAST, DAST, and vulnerability scanning).
Infrastructure as Code (IaC):
Develop and maintain secure infrastructure using IaC tools such as Terraform, Ansible, or CloudFormation.
Conduct security reviews and audits of IaC scripts to identify and mitigate risks.
Ensure compliance with security best practices and standards.
Monitoring and Incident Response:
Implement and manage security monitoring tools to detect and respond to threats.
Develop automated incident response playbooks to handle security incidents.
Collaborate with the security team to perform regular threat modeling and risk assessments.
Continuous Improvement:
Stay updated with the latest DevSecOps practices, tools, and technologies.
Identify opportunities to enhance security posture and reduce vulnerabilities.
Conduct security training and awareness sessions for development and operations teams.
Collaboration and Communication:
Work closely with development, operations, and security teams to promote a culture of security.
Facilitate communication and coordination between all stakeholders to ensure seamless integration of security practices.
Provide security guidance and support to engineering teams throughout the development lifecycle.
Compliance and Documentation:
Ensure compliance with relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, PCI-DSS).
Maintain detailed documentation of security processes, configurations, and incidents.
Prepare and present security reports and metrics to management.