Job Title: DevOps Engineer (with DevSecOps & Security Expertise)
Location: Chicago, IL (Hybrid)
Job Type: Contract
About the Role:
We are seeking a highly skilled DevOps Engineer with strong experience in DevSecOps practices and a solid background in security engineering. This role is critical in ensuring our infrastructure, CI/CD pipelines, and cloud environments are not only efficient and scalable but also secure by design.
Key Responsibilities:
- Design, implement, and maintain secure CI/CD pipelines integrating security checks and automated compliance.
- Collaborate with development, security, and operations teams to embed security into every phase of the software development lifecycle.
- Manage infrastructure as code (IaC) using tools like Terraform, CloudFormation, or Ansible.
- Monitor and respond to security incidents, vulnerabilities, and compliance issues across cloud and on-prem environments.
- Implement container security best practices (e.g., image scanning, runtime protection) using tools like Aqua, Prisma Cloud, or Sysdig.
- Conduct threat modeling, risk assessments, and security reviews of infrastructure and deployment processes.
- Automate security testing (SAST, DAST, SCA) within CI/CD workflows.
- Maintain and enhance logging, monitoring, and alerting systems to detect and respond to anomalies.
- Ensure compliance with industry standards such as ISO 27001, SOC 2, NIST, or GDPR.
Required Skills & Qualifications:
- Proven experience in DevOps and DevSecOps roles.
- Strong understanding of cloud platforms (AWS, Azure, GCP) and their security models.
- Proficiency in scripting languages (Python, Bash, etc.).
- Experience with containerization (Docker, Kubernetes) and container security.
- Familiarity with security tools like Vault, SonarQube, OWASP ZAP, Snyk, or Checkmarx.
- Knowledge of IAM, network security, secrets management, and encryption.
- Experience with CI/CD tools (Jenkins, GitLab CI, GitHub Actions, etc.).
- Understanding of compliance frameworks and secure coding practices.
