Security DevOps Engineer - Berkshire Hathaway Homestate Companies Omaha, Nebraska Bookmark Share Print 336 0 1

Listing Description

WHAT WE'RE LOOKING FOR
As a Security DevOps Engineer, you will be responsible for integrating security practices into the DevOps workflow to ensure the continuous delivery of secure and reliable software/hardware solutions. You will work closely with development, operations, and security teams to identify potential vulnerabilities, implement security measures, and automate security processes. Your role is crucial in fostering a secure DevOps culture, enhancing the organization's security posture, and maintaining compliance with relevant regulations and best practices.

HOW YOU'D CONTRIBUTE TO THE TEAM
  • DevSecOps Integration: Integrate security practices, tools, and automation into the DevOps pipeline, ensuring that security is a fundamental aspect of the software development lifecycle as well as hardware configuration, security maintenance and lifecycle.
  • Secure Infrastructure: Design, implement, and maintain secure infrastructure configurations for cloud platforms and on-premises environments. Apply security best practices to servers, networks, and other critical infrastructure components.
  • Continuous Security Monitoring: Implement and maintain security monitoring tools and processes to detect security incidents, anomalies, and potential threats in real-time.
  • Security Testing Automation: Develop and maintain security testing scripts, including static code analysis, dynamic application security testing (DAST), and container security scanning.
  • Vulnerability Management: Identify, track, and prioritize security vulnerabilities in software components, libraries, and infrastructure. Collaborate with development and operations teams to remediate identified issues promptly.
  • Incident Response: Participate in incident response efforts, investigating and addressing security incidents, and contributing to post-incident reviews.
  • Compliance and Auditing: Work with relevant teams to ensure adherence to security policies, standards, and compliance requirements (e.g., GDPR, HIPAA, NY DFS).
  • Secure CI/CD Pipeline: Secure and optimize the continuous integration and continuous delivery (CI/CD) pipeline, including code scanning, automated testing, and deployment security.
  • Threat Intelligence: Stay up to date with the latest security threats, vulnerabilities, and industry trends. Leverage threat intelligence to proactively enhance security measures.
  • Security Awareness: Promote security awareness and training across the organization, educating developers and operations teams about secure coding, configuration management, and other security-related topics.
  • Cloud Security: Implement security controls and best practices for cloud services and platforms, such as AWS, Azure, or GCP.
  • Automation: Develop and maintain security automation scripts and tools to streamline security processes and reduce manual intervention.
  • Collaboration: Collaborate effectively with cross-functional teams to ensure security requirements are considered throughout the DevOps workflow.

    • WHAT YOU NEED TO QUALIFY FOR CONSIDERATION
  • Education: Bachelor's degree in Computer Science, Engineering, Information Technology, or related field required.
  • Certifications: Relevant certifications such as Certified DevOps Engineer, Certified Ethical Hacker (CEH), or Certified Cloud Security Professional (CCSP) are preferred (must maintain current certifications).
  • Experience: A minimum of five (5) years of relevant work experience is required. CLOUD SECURITY: Experience in securing cloud platforms and services (e.g., AWS, Azure, GCP) and implementing cloud security best practices. AUTOMATION TOOLS: Experience with automation tools and frameworks to streamline security processes (e.g., Ansible, Puppet, Chef).
  • Technical Skills: DEVOPS EXPERTISE: Strong understanding of DevOps principles, CI/CD pipelines, and configuration management tools (e.g., Jenkins, Git, Ansible, Terraform, Kuberbetes); SECURITY KNOWLEDGE: In-depth knowledge of information security principles, standards, best practices, and industry frameworks (e.g., OWASP, NIST, CIS); SCRIPTING AND PROGRAMMING: Proficiency in scripting languages used in DevOps environments (e.g., Java, JavaScript); INFRASTRUCTURE SECURITY: Understanding of security practices for servers, networks, containers, and virtualization technologies; SECURITY TOOLS: Familiarity with security testing tools, vulnerability scanners, and security monitoring solutions; THREAT DETECTION AND INCIDENT RESPONSE: Knowledge of security incident detection, analysis, and response procedures; COMPLIANCE AND AUDITING: Familiarity with security compliance requirements and auditing procedures.
  • Communication: Excellent communication and collaboration skills to work effectively with cross-functional teams.
  • Problem-Solving: Strong analytical and problem-solving skills to identify and address security issues.
  • Initiative/Continuous Learning: A proactive approach to staying updated on emerging security technologies and industry trends.

    • Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!