Amentum is a global leader in advanced engineering and innovative technology solutions, seeking a highly skilled Senior Secure DevOps Engineer to join their team. The role involves building and maintaining secure software development workflows, ensuring compliance with security standards, and collaborating with various teams to enhance security practices.
Responsibilities:
- Design, implement, and maintain secure CI/CD pipelines to support DevOps workflows
- Work closely with development, operations, and security teams to integrate security tools and best practices into the software development lifecycle
- Automate infrastructure deployment using Infrastructure as Code (IaC) while maintaining security and scalability
- Develop and enforce security policies and ensure continuous monitoring of vulnerabilities and risks in the systems
- Manage and secure cloud infrastructure (Azure, or GCCH) to optimize performance and compliance
- Collaborate with the security team to perform threat modeling and risk assessments, and address identified vulnerabilities
- Monitor systems, logs, and events to detect security threats, misconfigurations, and other operational or security issues
- Stay current with industry trends in DevSecOps tools, cloud security, and cybersecurity practices
- Create technical documentation and workflows for DevOps processes and security implementations
- Provide mentorship and promote secure DevOps best practices across development and operations teams
- Perform other duties as assigned
Requirements:
- Bachelor's degree in Computer Science, Engineering, Information Technology, or equivalent practical experience
- Typically, 5 years of hands-on experience in DevOps engineering, with a strong focus on security
- Experience with CI/CD tools (e.g. DevOps CI/CD, GitHub Actions etc.)
- Strong hands-on experience with cloud service providers (e.g., Azure, or GCCHP)
- Hands-on experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible
- Experience with integrating security tools into DevOps workflows, such as vulnerability scanners, and security monitoring tools
- Proficiency in scripting and development (e.g., Python, Bash, or Go) for automation
- Thorough understanding of containerization and orchestration technologies (e.g., Docker, Kubernetes)
- Knowledge of application security principles, including OWASP Top 10 and security testing methods
- Familiarity with version control tools like Git and Git workflows
- Excellent problem-solving, collaboration, and communication skills
- Certifications such as Azure Certified DevOps Engineer, Certified Kubernetes Administrator (CKA), or Certified Information Systems Security Professional (CISSP)
- Experience implementing Zero Trust Architecture or securing microservices and APIs
- Familiarity with compliance frameworks (e.g., SOC 2, ISO 27001, PCI-DSS, GDPR)
- Practical experience with tools like Azure Key Vault for secrets management
- Contributions to or involvement in open-source security or DevOps projects