As a DevSecOps Engineer, you will design, implement, and maintain secure, automated infrastructure pipelines for enterprise software delivery. This role combines expertise in infrastructure-as-code, containerization, and security compliance to ensure robust, scalable, and compliant deployments across hybrid environments.
Responsibilities
Infrastructure Automation
- Develop and maintain Packer templates for creating hardened VM and container images, ensuring compliance with internal security standards.
- Collaborate with IT and product teams to streamline image pre-configuration for on-prem and cloud deployments.
Containerization & Orchestration
- Build and manage multi-container environments using Docker Compose, Podman, and Kubernetes for application deployment.
- Evaluate and implement alternatives for container orchestration in secure or air-gapped environments.
- Create and maintain VMs both manually and via CI/CD provisioning.
Security Integration
- Perform Black Duck scans and vulnerability assessments on source code, dependencies, and container images to meet SSDF and compliance requirements.
- Address identified security issues by upgrading components and mitigating risks in CI/CD pipelines.
- Collaborate with product security teams to enforce best practices for open-source compliance and license management.
Continuous Improvement
- Integrate security scanning tools (e.g., Black Duck Detect, VMT) into Jenkins and other CI/CD platforms.
- Monitor and optimize performance of security tools and container platforms, ensuring minimal downtime during maintenance windows.
Documentation
- Create instructions for both internal teams and customers to deploy, maintain, and upgrade images.
- Include documentation in the CI/CD pipeline.
Qualifications
- Strong experience with Packer, Docker, Docker Compose, and container orchestration tools (Kubernetes, Podman).
- Programming experience in Python, Bash, and similar scripting languages.
- Proficiency in CI/CD pipelines and automation frameworks (Jenkins, GitLab CI).
- Hands-on experience with security scanning tools (Black Duck, SCA solutions) and remediation workflows.
- Knowledge of Linux administration and secure image creation for Debian/RHEL/Alpine environments.
- Familiarity with compliance frameworks (SSDF, legal open-source reviews).
- Strong collaboration skills to work with cross-functional teams (IT, Product Security, R&D).
Preferred Qualifications
- Experience deploying solutions in air-gapped or high-security environments.
- Understanding of cloud-native security practices and container runtime hardening.
- Full stack development experience.