Security DevOps Engineer - Berkshire Hathaway Homestate Companies Omaha, Nebraska Bookmark Share Print 458 0 1

Listing Description

WHAT WE'RE LOOKING FOR
As a Security DevOps Engineer, you will be responsible for integrating security practices into the DevOps workflow to ensure the continuous delivery of secure and reliable software/hardware solutions. You will work closely with development, operations, and security teams to identify potential vulnerabilities, implement security measures, and automate security processes. Your role is crucial in fostering a secure DevOps culture, enhancing the organization's security posture, and maintaining compliance with relevant regulations and best practices.

HOW YOU'D CONTRIBUTE TO THE TEAM
  • DevSecOps Integration: Integrate security practices, tools, and automation into the DevOps pipeline, ensuring that security is a fundamental aspect of the software development lifecycle as well as hardware configuration, security maintenance and lifecycle.
  • Secure Infrastructure: Design, implement, and maintain secure infrastructure configurations for cloud platforms and on-premises environments. Apply security best practices to servers, networks, and other critical infrastructure components.
  • Continuous Security Monitoring: Implement and maintain security monitoring tools and processes to detect security incidents, anomalies, and potential threats in real-time.
  • Security Testing Automation: Develop and maintain security testing scripts, including static code analysis, dynamic application security testing (DAST), and container security scanning.
  • Vulnerability Management: Identify, track, and prioritize security vulnerabilities in software components, libraries, and infrastructure. Collaborate with development and operations teams to remediate identified issues promptly.
  • Incident Response: Participate in incident response efforts, investigating and addressing security incidents, and contributing to post-incident reviews.
  • Compliance and Auditing: Work with relevant teams to ensure adherence to security policies, standards, and compliance requirements (e.g., GDPR, HIPAA, NY DFS).
  • Secure CI/CD Pipeline: Secure and optimize the continuous integration and continuous delivery (CI/CD) pipeline, including code scanning, automated testing, and deployment security.
  • Threat Intelligence: Stay up to date with the latest security threats, vulnerabilities, and industry trends. Leverage threat intelligence to proactively enhance security measures.
  • Security Awareness: Promote security awareness and training across the organization, educating developers and operations teams about secure coding, configuration management, and other security-related topics.
  • Cloud Security: Implement security controls and best practices for cloud services and platforms, such as AWS, Azure, or GCP.
  • Automation: Develop and maintain security automation scripts and tools to streamline security processes and reduce manual intervention.
  • Collaboration: Collaborate effectively with cross-functional teams to ensure security requirements are considered throughout the DevOps workflow.

    • WHAT YOU NEED TO QUALIFY FOR CONSIDERATION
  • Education: Bachelor's degree in Computer Science, Engineering, Information Technology, or related field required.
  • Certifications: Relevant certifications such as Certified DevOps Engineer, Certified Ethical Hacker (CEH), or Certified Cloud Security Professional (CCSP) are preferred (must maintain current certifications).
  • Experience: A minimum of five (5) years of relevant work experience is required. CLOUD SECURITY: Experience in securing cloud platforms and services (e.g., AWS, Azure, GCP) and implementing cloud security best practices. AUTOMATION TOOLS: Experience with automation tools and frameworks to streamline security processes (e.g., Ansible, Puppet, Chef).
  • Technical Skills: DEVOPS EXPERTISE: Strong understanding of DevOps principles, CI/CD pipelines, and configuration management tools (e.g., Jenkins, Git, Ansible, Terraform, Kuberbetes); SECURITY KNOWLEDGE: In-depth knowledge of information security principles, standards, best practices, and industry frameworks (e.g., OWASP, NIST, CIS); SCRIPTING AND PROGRAMMING: Proficiency in scripting languages used in DevOps environments (e.g., Java, JavaScript); INFRASTRUCTURE SECURITY: Understanding of security practices for servers, networks, containers, and virtualization technologies; SECURITY TOOLS: Familiarity with security testing tools, vulnerability scanners, and security monitoring solutions; THREAT DETECTION AND INCIDENT RESPONSE: Knowledge of security incident detection, analysis, and response procedures; COMPLIANCE AND AUDITING: Familiarity with security compliance requirements and auditing procedures.
  • Communication: Excellent communication and collaboration skills to work effectively with cross-functional teams.
  • Problem-Solving: Strong analytical and problem-solving skills to identify and address security issues.
  • Initiative/Continuous Learning: A proactive approach to staying updated on emerging security technologies and industry trends.

    • Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Starfish Logo

    A Starfish Partners Company

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!