AllSTEM Connections · 1 day ago
Senior DevSecOps Engineer
Niwot, CO
Full-time
Hybrid
Senior Level
$140K/yr - $165K/yr
5+ years expAllSTEM Connections is a high tech provider of cutting edge scientific monitoring equipment utilized in the semiconductor and pharmaceutical industries. They are seeking a Senior DevSecOps Engineer to lead a team focused on building and managing secure cloud environments, implementing security practices, and collaborating with development teams to enhance workflows and security integration in the software delivery process.
Professional ServicesRecruitingStaffing Agency
No H1B
Hiring Manager
Scott Bennekemper
Responsibilities
Lead a DevSecOps team that builds and manages secure cloud environments and CI/CD pipelines integrating automated security testing, vulnerability management and compliance controls to support efficient and secure firmware and software delivery
Implement security and compliance practices, including vulnerability scanning, dependency analysis, SBOM management, threat modeling, and secure coding standards with SAST, DAST, SCA and SBOM tools
Collaborate with development teams to improve workflows, release strategies, automated testing environments and integrate security practices into the development process
Automate the provisioning and configuration of servers, containers, and other infrastructure components using IaC and configuration management tools
Administer and maintain binary repositories
Implement and maintain monitoring and logging systems to ensure the health and performance of the CI/CD pipeline infrastructure
Lead a team through the vulnerability management lifecycle; investigating and remediating security vulnerabilities and incidents in CI/CD pipelines and product releases
Troubleshoot and resolve issues related to development, automated testing, and release, and security incidents, ensuring tight feedback loops and maximum value throughout
Collaborate and communicate with development teams to capture performance metrics, identify bottlenecks, and implement improvement strategies
Work with a cross-functional team to ensure product releases meet internal and regulatory cybersecurity standards
Stay up to date with emerging technologies, industry trends, security frameworks, and software supply chain security best practices
Recommend and procure new DevOps and cybersecurity related tools, work with legal to approve tools, track license agreements, communicate with vendors, plan upgrades and negotiate costs
Actively participate in building and maintaining a strong DevSecOps team by establishing technical interview criteria and evaluating candidates through interviews
Mentor and provide guidance to members of the DevSecOps team, firmware and software teams, fostering a culture of knowledge sharing, secure development practices and continuous learning/improvement
Continuously evaluate processes for improvements in efficiency, quality, and safety
Qualification
Required
Bachelor of Science in Computer Science or a related Engineering field
5 years of experience as a DevSecOps Engineer or security-focused DevOps Engineer, with 2 years of experience as a technical lead within DevSecOps or other Engineering practices
Development experience in either embedded firmware or software
Experience integrating SAST, DAST, SCA and SBOM tools into CI/CD pipelines
Hands-on experience managing binary repositories
Proficiency with AWS or other major cloud platforms
Proficiency in IaC and configuration management tools
Strong scripting skills in languages like Bash, Python, or PowerShell
Experience using build tools such as CMake, Make, or custom toolchains
Experience with containerization technologies such as Docker
Working knowledge of CI/CD tools like Jenkins, Bitbucket Pipelines and GitHub Actions
Familiarity with monitoring and logging tools such as Prometheus and Grafana
Cyber Security knowledge and experience; solid understanding of cybersecurity principles, vulnerability management, and DevSecOps practices
Experience implementing shift-left security across the product development lifecycle
Excellent problem-solving and troubleshooting skills, with the ability to analyze complex systems and identify root causes
Strong communication and collaboration skills, capable of working effectively in cross-functional teams
Experience interviewing engineering candidates
Preferred
Understanding of Agile, DevOps and DevSecOps methodologies, with experience embedding security into software development processes
Expertise in Git and the Atlassian suite of software development tools including Bitbucket pipelines
Experience integrating security scanning tools into CI/CD pipelines (SAST, DAST)
Familiarity with automated software composition analysis (SCA) and open-source compliance practices
Familiarity with DORA metrics
Cyber Security certifications such as CISSP, CCSP, Security+, AWS Certified Security - Specialty
Experience with SBOM standards such as SPDX and CycloneDX
Familiar with industry standards such as EN 18037 and IEC 62443
Knowledge and experience with techniques required by EU Cyber Resilience Act, particularly with respect to vulnerability management
Expertise in performing threat modeling and risk assessment
Experience working alongside cybersecurity teams to ensure secure development practices and incident response readiness
Previous experience in vendor management
Experience in multi-disciplinary engineering environment
Benefits
401(k) matching
Dental insurance
Employee assistance program
Flexible schedule
Flexible spending account
Health insurance
Health savings account
Life insurance
Paid time off (15)
Sick Leave (6)
Parental leave
Tuition reimbursement
Vision insurance
Company
AllSTEM Connections
AllSTEM Connections is a provider of staffing and recruiting services.
501-1000 employees
Funding
Current Stage
Late StageCompany data provided by crunchbase