Tag Archives for " SecDevOps "

DevSecOps Lead Engineer | FT | Bethesda MD

DevSecOps Engineer | DevOpsDNA

The DevSecOps Lead Engineer is responsible for the management, development, and automation of information security features/controls related to all applications and infrastructure.

This individual ensures that cloud infrastructure, operating systems, software systems, and related procedures adhere to organizational expectations of security, availability, and performance.

Key Job Functions

This individual's duties include, but are not limited to, the following: assist the Information Security Architecture and Engineering, Developers, and Infrastructure teams with technical design and requirements; collaborate with DevOps leads to create automated solutions and to manage and develop security features/controls; and integrate completed features and compliance checks into the automation pipeline. Additionally, they will participate in the Software Development Life Cycle with a focus on integrating security controls.

  • Develop user stories in support of information security requirements.
  • Automate security controls on the infrastructure and applications.
  • Research and recommend innovative and, where possible, automated approaches for system administration tasks.
  • Identify approaches that leverage our resources and provide economies of scale.
  • Provide support for production deployments, as needed.
  • Provide Tier III/other support for production issues.



  • Bachelor’s degree in a related field or equivalent years of work experience

Minimum Experience for the DevSecOps Lead Engineer

  • Minimum of 10 years of related working experience within Cyber Security
  • End-to-end CD pipeline, automated testing, production deployments, and fully scripted single purpose pipeline.
  • Advanced AWS automation using Terraform and/or CloudFormation services.
  • Experience/knowledge in automating the implementation of security controls in Amazon Web Services (AWS) for services like EC2, S3, IAM etc. via the AWS API.
  • Strong Chef knowledge, both Linux and Windows, possibly Chef Solo as well as Chef Automate and Chef Inspec.
  • Experience/knowledge in automating server configuration for security including authentication, authorization, logging, certificate/key changes, system hardening etc.


Specialized DevOps Knowledge & Skills


  • Experience automating and orchestrating workloads across multiple public cloud providers.
  • Automation experience with at least one configuration management system such as Chef (directly or via AWS OpsWorks), Puppet, Ansible, AWS CloudFormation, AWS CodePipeline, AWS CodeBuild, and AWS CodeCommit.
  • Experience working with at least one of the following languages: Node.js, Python, PHP, Ruby, and Java
  • Proficient with Git, Bitbucket, Artifactory, Nexus, etc.
  • Proficient in leveraging CI and CD tools to automate testing and deployment.
  • Experience working in an Agile, fast paced, DevOps environment.
  • Knowledge in building distributed, highly available applications.
  • Knowledge of information security controls (NIST Cyber Security Framework).





What is DevSecOps?


First, let’s make sure we are on the same page when it comes to defining DevOps before we jump into DevSecOps / SecDevOps.

What is DevOps? | Opensource.com
https://opensource.com/resources/devops

DevOps is a word that is used to describe a set of modern IT practices which seek to more closely bring together software developers and operations staff to work on the same project in a more collaborative manner. The desire is that by breaking down barriers which have traditionally existed between these two sides of the IT department, organizations can reduce the time and friction involved in deploying new versions of software. This effort will ideally lead to shorter development cycles which ideally may save time and money, and give the organization a competitive edge against others with longer, more traditional development cycles.







What is DevOps? | DevOps Learning Center
https://www.visualstudio.com/learn/what-is-devops/

DevOps is the union of people, process, and products to enable continuous delivery of value to our end users. The contraction of “Dev” and “Ops” refers to replacing siloed Development and Operations to create multidisciplinary teams that now work together with shared and efficient practices and tools. Essential DevOps practices include agile planning, continuous integration, continuous delivery, and monitoring of applications.




DevOps means developers and operations working together from the start, rather than developers sending code to QA for testing and walking away. It is a way of working, not a new technology. You can’t “DevOps” something.


So what is DevSecOps?

You guessed it: instead of sending applications, updates, and code to the dreaded internal security team to see how many ways they can kill the project, DevSecOps continues the culture shift by bringing security in from the beginning, with everyone working together rather than in silos with different goals.

What is DevSecOps? Developing more secure applications | CSO Online
https://www.csoonline.com/article/3245748/devops/what-is-devsecops-developing-more-secure-applications.html

The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.


Firms need to move from DevOps to DevSecOps, says expert
http://www.computerweekly.com/news/252437170/Firms-need-to-move-from-DevOps-to-DevSecOps-says-expert

In view of the data breach at Uber and other high-profile organisations that came to light in 2017, there are three DevOps security trends that should be on the radar of every organisation, she said.


Cutting Through The Headlines To Create A DevSecOps Strategy
https://www.forbes.com/sites/forbestechcouncil/2017/08/29/cutting-through-the-headlines-to-create-a-devsecops-strategy/#9bf2f0664216

But there’s also a significant downside to headline-driven security. Effective cybersecurity is not a game of whack-a-mole. It’s a highly challenging endeavor that requires rigorous discipline — especially when it comes to optimizing the allocation of your company’s very limited cybersecurity budgetary and staff resources. So if you throw those resources at a headline just because it’s a headline, you’ll lose.



Mitigate Digital Transformation Cybersecurity Risk With ‘DevSecOps’
https://www.forbes.com/sites/jasonbloomberg/2017/11/20/mitigate-digital-transformation-cybersecurity-risk-with-devsecops/#71bf926e2374

Just as digital transformation requires breaking down organizational silos, so too with cybersecurity. “Security needs to be part of everyone’s job,” explains Fraser Scott, Cloud Security & DevSecOps at Capital One. “Security being a constant blocker just won’t scale. Either that or you end up with shadow IT.”



If video is your thing, here are a few interesting videos explaining DevSecOps a lot better than I can.



And yes, there is a conference: #DevSecCon