We Will Need The Following For Submission
Full name
LinkedIn profile link
Visa copy and photo ID
3 managerial references: these must be managers; I cannot accept peer references. I will need full name, job title, company email, phone and LinkedIn profile link
Notes
we need DevSecOps engineers, not just DevOps.
Candidate Work History Needs To Demonstrate Docker Security
Veracode
BlackDuck
Sysdig
Synopsys
API
Python, Java, JSON
position sits on application security team
verification component of CI/CD pipelines - which are relevant or not relevant
scan and container components
Sysdig, Black Duck
this position would help troubleshoot the existing pipelines and the code for verification & scanning components
feature changes, feature requests
dynamic scanning
container scanning that we are moving towards.
Jenkins pipelines
Black Duck, Veracode, and Sysdig have APIs
ability to understand API calls and payloads, whether it is JSON or something else.
feature request example: SRM (Software Risk Manager), integrate that into the pipelines with risk as well.
Familiarity or ability to use Python, Java, JavaScript
we have 1 app that is C++, not really relevant to this
nice to have: familiarity with OWASP top 10
we use the 2021 model here. just as a measure of security familiarity.
DevOps Dev ci/cd
Job Title: Sr. DevSecOps Engineer
Worksite: Preferred Hybrid Onsite (Chicago or Dallas) Chicago preferred
Our client has an Immediate Opportunity for a Sr. DevSecOps Engineer to join their team on a long-term contract basis.
Create custom Docker containers to pull results from vulnerability management tools, verify results using custom rules, and print results into report(s). This will require use of APIs and the ability to reformat reports from formats such as JSON and XML into human-readable tables.
Deliverables:
Series of containers set up to run security requirements within Jenkins verification pipeline(s) and replace existing individual containers.
Individual pipelines for users to run ad-hoc scans without using the full CI/CD build process.
Documentation expected in our internal Wiki and in code comments.
Develop and transition artifacts to operational teams, including documentation to troubleshoot, re-create, and leverage containers and outline of manual workarounds, if any.
Security CI/CD Tool Enhancements and Pipeline Maintenance - Perform maintenance of the CI/CD pipelines and existing security vulnerability management tools throughout the length of the engagement, including troubleshooting of issues in the pipeline and bug/feature enhancements.
Deliverables: Updated security tool containers with requested feature enhancements made
Automate Ad-Hoc Security Engineering Processes - Develop custom scripts to automate routine Security Engineering tasks as requested.
Deliverables: Custom scripts
Must Have
Programming knowledge and coding experience, particularly Python, JSON, Java, JavaScript, and Bash
Experience working with APIs
Experience parsing (HTML, XML, JSON, etc.)
Proficient in GitHub and Jenkins
Docker experience in automating deployments and testing
Strong communication and collaboration skills
Preferred: Knowledge of secure coding practices as defined in OWASP Top 10 2021
Ideal candidates will have experience with Veracode, BlackDuck, or Sysdig Docker security tools.
Integrating/implementing Synopsys into pipeline API for software risk management
Troubleshoot the existing pipelines and the code for verification & scanning components
Any Graduate