We are looking for an Senior Azure DevSecOps Engineer who will implement security frameworks in our pipeline to support ISSO packages through the Risk Management Framework (RMF) process, ensuring Authority to Operation (ATO) in support of CDC mission requirements.
The engineer will support our compliance needs in the Azure cloud by applying their knowledge of Azure Governance best practices used to secure technical solutions, including applications, systems, architectures, and infrastructures that are operationally viable:
- Serves as an Azure Security Subject Matter Expert (SME) on the Governance and Architecture team as part of a Cloud Optimization program to deliver new and secure cloud services throughout the organization, such as Azure Kubernetes Service, Azure SQL DB, Azure App Configuration and Data Gateway.
- Leverage security products such as Fortify or SonarQube to protect the organization’s systems and information and enable achievement of the organization’s objectives.
- Implementing scanning frameworks into CI/CD pipelines
- Administers Azure security services to include: Azure Defender for Cloud, Azure Policy, Azure Web Application Firewalls, and Log Analytics.
- Created and facilitates an Application Security Program within the organization to collaborate with Developer teams on application vulnerability remediation.
The engineer will be part of a larger effort to modernize the CDC DevOps enterprise framework by joining the re-engineering team which is comprised of data scientists, software engineers, product owners, and DevOps engineers.
Mechanicode is a remote-first company, and this role will be 100% remote.
- Must be a U.S citizen or green-card holder
- 6+ years of professional experience
- Ability to pass a background check and obtain a public trust security clearance
Nice to Have
- Azure Certifications
- Security Certifications
Essential Skills, Experience, and Competencies:
- Azure Experience
- Proficient with Infrastructure as Code tools like Terraform
- 3-5 yrs related experience with the end-to-end vulnerability management lifecycle (SAST, SCA and DAST); Great understanding of full SDLC.
- 3-5 yrs related experience / Understanding with various security assessment tooling such as Fortify, SonbarQube, CheckMarx, Veracode, AppScan, etc.
- Familiarity with the following information security requirement regulations: DoD 8510.01, NIST publication series (800-53, 53A, 37, etc.), AR 380-5, AR 25-2, etc.
- Produce useful and actionable dashboarding, reporting, metrics with various security tools per request to support the Application Security Team, this would include Fortify, for weekly, monthly, or quarterly client presentations.
- Excellent technical writing and reporting skills
- Excellent communication skills, both written and verbal
- Ability to establish and maintain good professional relationships
- Bachelor's in computer science or related technical discipline
- Ability to work both with little supervision and in a team
- Desire and ability to ramp up quickly on new technologies
Mechanicode’s vision is to bring peace of mind with technology.
We do so by building self-healing cloud infrastructure, resilient enough to withstand failures and sufficiently predictable to resolve issues without human intervention.
We do that by having automation as the cornerstone of our cloud solutions, significantly improving workforce attrition, and introducing agile rapid development conventions that improve the developer's experience.
Mechanicode a Cloud Digital services firm providing comprehensive DevSecOps, Cloud Native Engineering, IT Modernization & Automation services.
Founded by a former USDS engineer, Mechanicode has 13 years of experience developing innovative automation solutions improving the feedback loop in the developer experience, and using AWS/Azure Certified best practices for clients.
Mechanicode has experience in both the public and private sectors, providing modernization services that engage Agile best practices, scalable cloud architectures, and continuous integration & deployment standards.