Role: DevSecOps Engineer
Location: Seattle, WA (onsite)
Duration: Long term
Description:
We are seeking a shift-left DevOps Engineer with expertise in integrating and optimizing GitHub Advanced Security tools, including CodeQL and Dependabot, to create a seamless, secure and efficient DevOps environment. This role focuses on embedding security early in the development lifecycle, enhancing developer productivity, and enabling proactive, automated dependency and vulnerability management within CI/CD pipelines. The ideal candidate will have a strong DevOps background, familiarity with secure coding practices, and a commitment to a shift-left approach, empowering development teams to deliver secure code faster and more efficiently.
Key Responsibilities
Integrate GitHub Advanced Security Tools into Development Workflows:
o Configure and manage GitHub Advanced Security tools, including Dependabot and CodeQL, as part of the CI/CD process to catch issues early.
o Customize security alert rules and dependency checks to provide developer-friendly feedback directly within PRs.
o Work alongside DevOps and development teams to ensure security insights from GitHub Advanced Security are actionable and optimized for developer workflows within GitHub.
Automate Dependency Management with Dependabot:
o Set up Dependabot to manage and automatically update dependencies, ensuring security patches are applied efficiently and with minimal manual intervention.
o Collaborate with developers to integrate Dependabot PRs into branch workflows (feature development and release branches) with appropriate approval gates.
o Enable automated testing for Dependabot updates to validate compatibility with the codebase, reducing dependency-related risks.
Implement and Enhance Shift-Left Practices in CI/CD:
o Integrate CodeQL analysis and other automated security checks into CI/CD pipelines for real-time feedback on code vulnerabilities and potential improvements.
o Develop processes to ensure that security checks are embedded as early as possible in the development pipeline, providing rapid feedback to developers.
o Create workflows that allow low-risk updates (such as minor dependency upgrades) to merge automatically when all tests pass, speeding up development cycles.
Optimize Developer Experience with Automation and Tooling:
o Build and maintain scripts, configurations and dashboards that allow developers to self-manage security findings and track dependency health.
o Continuously improve feedback loops to reduce false positives, ensure clear remediation steps, and increase developer productivity.
o Design notifications and automated reminders for developers to address dependency or security issues within their PRs and feature branches.
Support Developer Enablement and Education:
o Provide support and training to developers on best practices for using GitHub Advanced Security, Dependabot and CodeQL within their workflows.
o Host sessions on secure coding and on using automation tools to build secure applications, encouraging a culture of proactive security in development.
o Develop and share documentation that simplifies the use of security tools, helping developers understand the basics of dependency and vulnerability management.
Collaborate on CI/CD Optimization and Automation:
o Work with DevOps and Engineering teams to optimize CI/CD processes, improving build speed, testing reliability and deployment efficiency.
o Set up monitoring and automated reporting for key metrics such as dependency update success rates, time-to-fix for vulnerabilities, and code quality trends.
o Identify and implement automation opportunities to further streamline code quality and dependency management across development cycles.
Qualifications
Technical Expertise:
o Strong experience in DevOps, particularly with GitHub Advanced Security features like Dependabot and CodeQL, and hands-on experience integrating these tools into CI/CD pipelines.
o Proficiency in scripting (e.g. Python, Bash) and automation tools to support continuous improvement in the CI/CD and development environments.
o Knowledge of DevOps methodologies and best practices, particularly around automating testing, code quality and dependency management.
Experience:
o 5 years in DevOps, SRE or similar roles, with experience in development pipelines and automation.
o Proven experience in managing dependencies, security updates and automated PRs within GitHub or similar version control systems.
o Strong understanding of CI/CD practices with experience in streamlining workflows for developer efficiency and productivity.
Soft Skills:
o Excellent communication skills to collaborate effectively with development, DevOps and QA teams.
o Ability to advocate for and drive shift-left practices, enabling teams to adopt security and quality checks early in the development lifecycle.
o Problem-solving skills with a focus on creating scalable, maintainable solutions that support a proactive DevOps environment.
Preferred Qualifications:
Certifications: Relevant DevOps or cloud certifications such as AWS DevOps, CKA (Certified Kubernetes Administrator) or similar.
Additional Tools: Familiarity with other DevOps and automation tools such as Jenkins, Terraform, Docker and Kubernetes.