DevSecOps Engineer

Employer Active

1 Vacancy
Job Location: Arlington, TX - USA

Monthly Salary: Not Disclosed

Job Description

Job Title: DevSecOps Engineer

Location: Arlington, VA (3 days/week in the office)

Duration: 12-month contract

Interview: Video and F2F

Visa: USC/GC

LinkedIn: Must

NOTE: Local candidates only; must send documentation with name/address

Candidate MUST be open to onsite interview as final interview

Vendor Call Notes:

DevSecOps Engineer involved in integrating apps into the CI pipelines that build and deploy apps; they do security.

Set of security testing tools integrated into the pipeline: integrate the whole process, fix issues, automate the whole process, and work with the dev team.

Experience with DevOps processes, Jenkins plugins that can be used, and Groovy for writing scripts to help with automation.

Jenkins is used for CI/CD processes; will know Groovy if worked with Jenkins (basic knowledge is a plus); will not write 100s of lines of Groovy code, only update existing ones.

Use Python for automation of processes; need Python development (6-7 years of exp) to write scripts that automate processes.

Internal scripts are what they use, not customer-facing scripts.

OWASP: good to have

Maintenance of existing process and implementing new process

Need security piece

6 members including team lead (onshore/offshore)

Proactive mindset: work with other teams, meet about any issues in the environment, and be able to reach out to other teams to fix issues; large-org experience, preferably financial (exposure to complex and diverse development).

What You'll Do:

Collaborate with a team of engineers to implement Morgan Stanley-specific security policies in the CI/CD security tools, including but not limited to SAST, DAST, and SCA applications.

Work with Development, DevOps, and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.

Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc. (DO NOT NEED TO KNOW; nice to have)

With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.

Support security standards; create templates and patterns to increase the efficiency and adoption of the security program. (Good if familiar, but they can train them on that.)

These skills will help you succeed in this role:

Bachelor's degree with a minimum of 8 years of work experience in the IT field

3 years of software development experience using Java, JavaScript

3 years of experience in the following:

OWASP Secure Coding Practices (GOOD TO HAVE)

Common software and web application security vulnerabilities

Application security scanning tools

Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g. Jenkins) (Required)

Experience in Python scripting (Required)

Even Better If You Have

A degree in Cybersecurity, or CISSP/CSSLP certification, or a keen desire to move to the security field

Business acumen to support the implementation of SAST or DAST or IAST across the enterprise

Ability to perform code reviews with minimal assistance

A self-starter with a strong desire for learning new technologies and applying them to solve problems

Experience with two or more of the application build environments like Jenkins, Gradle, Maven.

Familiarity with public cloud services is a plus

Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype

Experience with Threat Analysis.

Experience with DevSecOps, Secure SDLC.

Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus

Experience with evaluation, integration, and onboarding of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning, etc. is a plus

Employment Type

Full Time
