Description

We Will Need The Following For Submission

Full name
LinkedIn profile link
Visa copy and photo ID
3 managerial references: these must be managers; I cannot accept peer references. I will need full name, job title, company email, phone and LinkedIn profile link

Notes

We need DevSecOps engineers, not just DevOps.

Candidate Work History Needs To Demonstrate Docker Security

Veracode

BlackDuck

Sysdig

Synopsys

API

Python, Java, JSON

Position sits on the application security team

Verification component of CI/CD pipelines: which are relevant or not relevant

Scan and container components

Sysdig, BlackDuck

This position would help troubleshoot the existing pipelines and the code for verification & scanning components

feature changes, feature requests

dynamic scanning

container scanning that we are moving towards.

Jenkins pipelines

BlackDuck, Veracode, and Sysdig have APIs

Ability to understand API calls and payloads, whether it is JSON or something else.

Feature request example: SRM (Software Risk Manager), integrate that into the pipelines with risk as well.

Familiarity or ability to use Python, Java, JavaScript

We have 1 app that is C++, not really relevant to this

Nice to have: familiarity with OWASP Top 10

We use the 2021 model here, just as a measure of security familiarity.

DevOps Dev ci/cd

Job Title: Sr. DevSecOps Engineer

Worksite: Preferred Hybrid Onsite (Chicago or Dallas) Chicago preferred

Our client has an Immediate Opportunity for a Sr. DevSecOps Engineer to join their team on a long-term contract basis.

Create custom Docker containers to pull results from vulnerability management tools, verify results using custom rules, and print results into report(s). This will require use of APIs and the ability to reformat reports from formats such as JSON and XML into human-readable tables.

Deliverables:
Series of containers set up to run security requirements within Jenkins verification pipeline(s) and replace existing individual containers.
Individual pipelines for users to run ad-hoc scans without using the full CI/CD build process.
Documentation expected in our internal Wiki and in code comments.
Develop and transition artifacts to operational teams, including documentation to troubleshoot, re-create, and leverage containers and an outline of manual workarounds, if any.

Security CI/CD Tool Enhancements and Pipeline Maintenance - Perform maintenance of the CI/CD pipelines and existing security vulnerability management tools throughout the length of the engagement, including troubleshooting of issues in the pipeline and bug/feature enhancements.

Deliverables: Updated security tool containers with requested feature enhancements made

Automate Ad-Hoc Security Engineering Processes - Develop custom scripts to automate routine Security Engineering tasks as requested.

Deliverables: Custom scripts

Must Have

Programming knowledge and coding experience, particularly Python, JSON, Java, JavaScript, and Bash
Experience working with APIs
Experience parsing (HTML, XML, JSON, etc.)
Proficient in GitHub and Jenkins
Docker experience in automating deployments and testing
Strong communication and collaboration skills
Preferred: Knowledge of secure coding practices as defined in OWASP Top 10 2021
Ideal candidates will have experience with Veracode, BlackDuck, or Sysdig Docker security tools.
Integrating/implementing Synopsys into pipeline API for software risk management
Troubleshoot the existing pipelines and the code for verification & scanning components

Education

Any Graduate