Job Description:

DevSecOps Engineer.

Job Summary:

We are seeking a knowledgeable and proactive DevSecOps Engineer to embed security into every stage of the software development lifecycle. This role ensures that all software products are developed and deployed in compliance with DTMB (Department of Technology, Management, and Budget) security policies and industry best practices. The ideal candidate will guide teams on secure coding practices, perform threat modeling, and automate security processes across the CI/CD pipeline.


Key Responsibilities:

  • Ensure application and infrastructure security throughout the software development lifecycle in alignment with DTMB policies and industry standards.
  • Educate and mentor development teams on secure coding practices, promoting security awareness and ownership across the SDLC.
  • Conduct threat modeling activities to proactively identify risks, vulnerabilities, and potential security breaches during system design and development.
  • Automate security processes using tools integrated into CI/CD pipelines (e.g., static code analysis, container scanning, dependency checking).
  • Collaborate with DevOps, security, and engineering teams to implement secure development frameworks and infrastructure.
  • Evaluate and implement DevSecOps tools and technologies, ensuring they effectively support code analysis, configuration management, and access control.
  • Monitor and audit systems for security compliance and assist with incident response when necessary.
  • Maintain documentation for security procedures, policies, and threat assessments.

Required Qualifications:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
  • 3+ years of experience in a DevSecOps, Application Security, or related role.
  • Strong knowledge of secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and threat modeling techniques.
  • Experience with DevSecOps tools, such as Snyk, SonarQube, Checkmarx, Aqua, Prisma Cloud, or Twistlock.
  • Proficiency with CI/CD tools and platforms (e.g., Jenkins, GitLab CI, GitHub Actions, Azure DevOps).
  • Familiarity with container security (Docker, Kubernetes) and cloud security principles (GCP, AWS, or Azure).
  • Strong scripting or programming skills in languages such as Python, Bash, or JavaScript.

Preferred Qualifications:

  • Security certifications such as CSSLP, CEH, OSCP, or GIAC.
  • Experience working in compliance-focused environments (e.g., NIST, HIPAA, GDPR, FedRAMP).
  • Knowledge of infrastructure-as-code security (e.g., Terraform, Ansible).
  • Background in incident response and vulnerability management.