Easy Dynamics Corporation is a leading IT service provider specializing in cybersecurity, cloud computing, and risk management for federal agencies. They are seeking a DevSecOps Engineer to integrate security practices throughout the software development lifecycle and ensure compliance with security standards while collaborating closely with development teams and stakeholders.
Responsibilities:
- Implement and maintain security controls throughout the development pipeline, ensuring security is embedded in every phase of the software development lifecycle
- Collaborate with Information System Security Officers (ISSOs) to review Security Technical Implementation Guides (STIGs) and support Authority to Operate (ATO) processes, ensuring compliance with security standards and regulatory requirements
- Design, implement, and maintain secure CI/CD pipelines with automated security testing, vulnerability scanning, and compliance checks integrated into deployment workflows
- Actively participate in Scrum ceremonies, including sprint planning, daily standups, sprint reviews, and retrospectives, while providing security guidance and effort estimates for security-related tasks
- Conduct regular security assessments, vulnerability scans, and penetration testing, while coordinating remediation efforts with development teams
- Develop and maintain secure infrastructure configurations using Infrastructure as Code principles with automated security policy enforcement
- Implement and manage security monitoring tools, logging systems, and incident response procedures to detect and respond to security threats in real time
- Perform security risk assessments, threat modeling, and security architecture reviews to identify and mitigate potential vulnerabilities
- Create security documentation, procedures, and training materials while maintaining compliance artifacts for audit purposes
Requirements:
- 4 years of experience + Bachelor's degree, or 8 years of experience
- IAT Level II certification required (e.g., Security+ CE, CCNA-Security, GSEC, GICSP, SSCP, CySA+, or other DoD 8570.01-M / DoD 8140 approved certifications at IAT Level II)
- DevSecOps Expertise — Strong experience in DevSecOps practices, security automation, and secure software development within enterprise environments
- Scrum Methodology — Deep understanding of Scrum principles and Agile development practices, including integrating security requirements into sprint planning and user story development
- Security Standards Knowledge — Extensive knowledge of STIGs, NIST frameworks, ATO processes, and federal security compliance requirements, with experience working alongside ISSOs and security teams
- CI/CD and Automation — Proficiency with CI/CD tools, with GitLab CI preferred, as well as containerization technologies including Docker and Kubernetes, and automation platforms such as Terraform, Ansible, and CloudFormation
- Programming and Scripting — Proficiency in scripting languages, Bash, and PowerShell, with experience using security testing frameworks and static/dynamic analysis tools
- Security Tools — Experience with vulnerability scanners (Nessus, OpenVAS), SAST/DAST tools, container security scanning solutions, and security orchestration platforms
- Communication and Collaboration — Excellent communication skills with the ability to work effectively across cross-functional Scrum teams, security officers, compliance teams, and stakeholders in fast-paced development environments
- DoD Secret clearance or equivalent
- AWS - Experience specifically with AWS CDK and processes
- Hands-on experience with ATO and STIG maintenance and renewal
- CI/CD tools, with GitLab CI preferred
- Cloud Security - Experience with cloud security platforms and cloud-native security tools, with AWS Security Hub preferred
- Familiarity with multi-cloud security strategies and additional platforms (Azure Security Center, Google Cloud Security)
- JavaScript (is preferred)