DEVSECOPS

Posted on August 6, 2025

Job Description

  • DEVSECOPS, 4-8 years
  • Location: Remote, 1-10 PM IST
  • FedRAMP Compliance: Learn and interpret FedRAMP Moderate controls documentation, integrating those requirements into our processes and systems to ensure compliance.
  • AWS System Hardening: Harden AWS systems and services by applying Security Technical Implementation Guides (STIGs) and other industry best practices to improve our cloud infrastructure security.
  • Infrastructure Code Security: Identify and fix security vulnerabilities in our Infrastructure-as-Code (Terraform) configurations, ensuring that our provisioning scripts follow secure coding standards.
  • Vulnerability Patching: Regularly apply security patches and updates to servers, applications, and dependencies to mitigate known vulnerabilities and maintain system integrity.
  • Security Scanning & Remediation: Assist in running security scans (e.g., using Snyk and other tools) on our codebase and container images, then remediate any discovered vulnerabilities in a timely manner.
  • Documentation for Certification: Develop new security processes and procedure documents required for FedRAMP Moderate certification, including policies, standard operating procedures, and compliance evidence.
  • Security Testing: Perform security testing on both infrastructure and applications (e.g., configuration reviews, penetration testing coordination, code security reviews) to proactively identify and address security issues.
  • DevSecOps Expertise: Proven experience in a DevSecOps or security-focused DevOps role, with hands-on knowledge of integrating security into CI/CD pipelines and cloud environments.
  • AWS Security Knowledge: Strong familiarity with AWS services and security features, including experience hardening cloud resources (applying STIGs or similar security benchmarks).
  • Infrastructure as Code: Experience with Terraform (or similar IaC tools) and a deep understanding of how to secure infrastructure code, including detecting and fixing misconfigurations in Terraform scripts.
  • Vulnerability Management: Proficiency with vulnerability scanning tools (e.g., Snyk, Nessus) and patch management processes, with a track record of remediating findings promptly.
  • Compliance Awareness: Basic knowledge of FedRAMP, NIST 800-53, or similar security frameworks is highly beneficial (no specific certification required, but a willingness to learn and apply these standards is expected).
  • Documentation Skills: Ability to create clear and detailed security documentation, runbooks, and standard operating procedures that align with compliance requirements.
  • Problem-Solving: Strong troubleshooting skills and a proactive approach to identifying and resolving security issues across both infrastructure and application layers.
  • Communication: Excellent communication and collaboration skills, with the ability to work effectively in a remote team environment and report on security posture to stakeholders.

Required Skills

devsecops