Senior DevSecOps Engineer

About The Position

Requirements

• Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Industry Certification: AWS Associate-level certification is required. If not currently held, the candidate must successfully obtain this certification within 6 months of their start date.
• Experience: A minimum of 8 years of experience in information security, with significant experience in a cloud environment.
• Technical Knowledge: Deep understanding of cybersecurity principles, intrusion detection, vulnerability assessment, and network architecture.
• Autonomy: Proven ability to work independently and provide guidance to junior team members.
• Communication: Excellent communication and advisory skills to consult with and advise other teams on security procedures and policies.
• Note: This position requires that applicants be authorized to work in the United States without sponsorship now or at any time in the future, and be able to pass a general background check.

Responsibilities

• Cloud Security Engineering: Design, implement, and maintain secure cloud solutions across AWS, Azure, and GCP to meet mission and compliance requirements.
• Security Documentation: Assist in developing and maintaining essential security artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
• Architectural Analysis: Analyze complex cloud and system architectures to identify security risks and recommend effective mitigation strategies.
• Control Implementation: Apply and document security controls based on NIST 800-53 and NIST 800-171 standards.
• DevSecOps Integration: Collaborate with all functional areas of the team to embed security into CI/CD pipelines and automate security checks.
• Vulnerability & Incident Support: Assist in cloud-based incident response and lead vulnerability remediation efforts.
• Cloud Security Best Practices: Provide expert guidance on cloud security best practices, including encryption, access controls, identity management, and data protection.
• Security Tooling & Evaluation: Evaluate, recommend, and implement cloud-native and third-party security tools.
• Risk & Change Management: Participate in design reviews, risk assessments, and change control processes to ensure the security of new systems and changes.
• Continuous Monitoring: Lead annual security assessments and ongoing monitoring activities to maintain a strong security posture.
• Stakeholder Guidance: Advise Information System Owners (ISOs) on system security and compliance matters.
• Tenant Oversight: Oversee security posture for cloud infrastructure and monitor tenant security control implementation.
• Interconnection Security Agreements (ISAs): Support the development and maintenance of ISAs between tenants and Cloud Computing Services.

Benefits

• Competitive medical, dental and vision benefits
• Life Insurance, Short & Long Term disability insurance
• Voluntary Accident, Critical Illness & Hospital Insurance
• 401(k) and Roth 401(k) retirement plans with a fixed 3% of salary employer contributions (paid regardless of employee participation)
• Health savings account with a company contribution
• Flexible spending accounts (medical, dependent care and transportation)
• Company-paid parental leave after one year of employment
• Flexible work schedules
• Paid employee assistance program
• 9 paid holidays
• 4 weeks + 1 day Paid Time Off per calendar year (prorated first year)
• Cell phone stipend