DevSecOps Engineer
Indexed description
Reporting to the CIO, this position will serve as the central day-to-day integrator across Engineering/ Operations, Systems Development, and IT Operations and Security.
Responsibilities:
- Testing Environment Setup and Management o Design and create standardized, efficient, and securityfocused testing environments, developing and manual and automated testing configurations for internal and external systems.
- Provide setup, configuration, and support for various releases of Apache Tomcat, Apache2 and IIS configurations, Multiple Web applications, RDBMS’s with various database systems and versions. Understand the configurations and properties of each and the interaction required between application layers. o Support database configuration, administration, and content of databases for internal test platforms to mirror various remote customer sites’ configurations.
- Provide Full Stack Application support to ensure that all components are configured properly, and interactions are secure, error free and optimized. o Provide setup, configuration, and support for external performance testing events in secure labs. Includes event coordination and execution with customer personnel.
- Security and Risk Management o Provide support for Risk Management Framework (RMF), including Boundary Diagrams, Authority to Operate (ATO), and Ports Protocols Services Management (PPSM). Maintain a thorough knowledge of the content within.
- Technical Leadership in the creation, deployment, and management of PKI Certificates (DoD, Self-Signed, etc.) for both hardware and software environments. o Maintain awareness of vulnerabilities and security concerns of test and production environments, including internal code and its dependencies. Provide remediation support for issues as required.
- Provide input on best practices for Security and Operations in shift-left Development Process.
- Application and Device Deployment o Coordinate with internal development teams and thirdparty agents for packaging and testing software installations, patches and other distributions.
- Coordinate DevOps principles to develop standardized, secure, compliant and repeatable build pipelines, including server, application and database configuration and orchestration. o Manage and support application deployments to remote customer sites using delivery mechanisms such as: Proprietary Remote Transfer, Hard Copy (CD/DVD/etc.), and future deployment systems. Application deployments may occasionally require in person visit to a vessel for advanced environment validation or troubleshooting.
- Miscellaneous Day to Day o Create, update, and present product environment configurations and supporting systems.
- Collect and analyze server and application logs of various types both locally and remotely. Provide recommendations and potential corrective actions when problems are found.
- Communicate regularly with internal and customer points of contact (verbal and written).
- BS in an ITrelated field (or equivalent experience) and 10+ years of Systems Integration/Development/Security/Operations experience.
- Strong fundamentals in fullstack systems integration, network operations, Apache Tomcat and application server skills.
- Knowledge of Public Key Infrastructure and various authentication mechanisms
- Expertlevel development experience in Java and associated frameworks/libraries.
- Working experience with Windows installer packages (NSIS, WiX, etc).
- Experience with SQL at and RDBM concepts and integration, JDBC/ODBC.
- Experience with build/test/release management, general automation, and security processes in CI/CD pipeline.
- Extensive experience in tools such as: git, Jenkins, Tenable, Nexus, Fortify, SIEM’s, Black Duck etc.
- Experience in Systems Administration (Windows Server/Active Directory & Linux).
- Experience in hybrid and cloudbased environments, AWS, Azure.
- Ability to obtain and maintain a DoD Security Clearance .
- Strong verbal, written, and communication skills.
- Ability to occasionally support work onboard maritime vessel pier side.
- Security+ Certification or ability to acquire within 60 days.
- Experience with Containers and VMs with regard to DevSecOps optimized environments.
- Familiarity in CMMC2.0, NIST 800171, Microsoft 365 GCCH, Purview, Azure, Intune.
- Experience with PowerShell, Linux and in one or more scripting languages (e.g., bash).
- Programming experience with Tomcat internals (e.g., Valves/Filters, etc.).
- Security configuration and operations experience with OpenSSL and Apache Tomcat tcnative.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search