DevSecOps Engineer
Company | CoStar Group |
---|---|
Location | Richmond, VA, USA; Arlington, VA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Junior, Mid Level |
Requirements
- Bachelor’s Degree required from an accredited, not-for-profit university or college (preferably in Computer Science, Cybersecurity or a related field)
- 2+ years solid experience and understanding of how to apply security at scale in one or more of: CI/CD system, Kubernetes platform, cloud environment, or CDN
- Demonstrated ability to author scripts or IAC from scratch in either Python, PowerShell, Ansible, CloudFormation, Terraform, or similar language
- Experience working in a software development environment with a mature CI/CD
- Passion for solving complex challenges, innovating, and engaging in your work
Responsibilities
- Real-time vulnerability feedback in the IDE for insecure build patterns and artifacts (1P code, 3P code, containers, IAC, secrets)
- Gate environment builds to enforce vulnerability remediation SLAs
- Dynamic run-time scans of pre-prod to gate vulnerabilities from escaping into production
- Continual attack surface management pen testing and exploit validation
- Cloud security posture management and workload protection
- Cloud IAM security
- Kubernetes run-time security controls
- Cloud platform threat hunting
- API Security management
- WAF and Bot controls
- Integrated runtime/drift vulnerability feedback into respective product dev team’s bug tracking system
- Federated cloud security hardening, detection and enforcement
- Data security posture management
- Hunting for secrets and sensitive data leakage in logs, code, and documentation
Preferred Qualifications
- Strong communication skills with both software development and software leadership audiences
- In-depth understanding of various assessment tools
- Knowledge of infrastructure operations across databases, network, and system administration
- Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation
- Ability to mentor and train team members to prioritize security efforts effectively
- A self-starter who can advance the application security program and follow through on ideas to completion
- Hands-on experience implementing security tools into CI/CD pipelines
- Experience testing serverless cloud deployments