DevSecOps Engineer
United States
Full Time
4 hours ago
$10,191 - $67 USD
H1B Sponsor Likely
Key skills
PythonJavaRubySQLPerlPowerShellDockerJenkinsActive DirectoryCI/CDCommunicationFirewall
About this role
UC Davis Health Informatics is focused on providing cybersecurity expertise to its operations and projects. The DevSecOps Engineer will ensure security requirements are integrated into CI/CD pipelines and play a key role in securing information assets against various threats.
Responsibilities:
- 90% - Information Security Consulting and Operational Support
- 10% - Documentation and Governance
Requirements:
- Bachelor's degree in related area and / or equivalent experience / training
- 5+ years of operational hands-on experience with IT security systems and tools (IPS, SIEM, Firewall systems, etc.)
- 5+ years of hands-on experience with vulnerability management tools (Nessus/Counter Measures/etc.…)
- 5+ years demonstrated experience administering security controls and standards (NIST, CIS, ISO, PCI) configurations hardware, software, and networks
- Experience with fully automating CI/CD pipelines end-to-end, from code commits to production
- Demonstrated experience creating, editing, maintaining, security centered technical guidelines and/or knowledgebase articles
- Demonstrated experience supporting enterprise-level end point protection, encryption, and management technologies
- Experience leading technical staff and or technical projects
- Experience leading effective meetings, and or troubleshooting work sessions
- PowerShell scripting experience
- Experience in incident response and digital forensics including data reporting
- Demonstrated expert level knowledge of network, endpoint hardware, software, and network design techniques
- Demonstrated expert level knowledge and experience with the technological underpinnings of Windows Active Directory and Group Policy Objects
- Demonstrated experience with secure development, coding, engineering practices
- Must be able to work in a specific environment: Jenkins, Docker, Java, Python, Ruby, Perl, Scripting YAML, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing
- Expert knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
- Expert knowledge of data encryption technologies and demonstrated experience selecting appropriate data encryption technologies
- Must have the ability to work independently, set priorities, organize the work of others and meet multiple deadlines
- Advanced interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization
- Excellent communication skills (Oral/Written)
- Strong proficiency with common productivity tools (MS Office, Adobe, etc.)
- Holds active CISSP, GIAC, ISACA, or similar security focused certifications
- Knowledge of HIPAA, HITECH regulations and healthcare-specific policies and procedures
- Familiarity with the UNIX/Linux operating systems and its basic operations