Looking for the opportunity to grow and develop professionally while working with cutting-edge technology in an innovative environment?
Our client, a successful financial technology and services company, currently seeks a highly skilled and experienced AWS SecDevOps Engineer to join their dynamic and innovative team. The successful candidate will have a strong background in cloud security, development operations, and automation. This role involves ensuring the security of our AWS infrastructure while integrating security best practices into the CI/CD pipeline. The AWS SecDevOps Engineer will work closely with development and operations teams to build secure, scalable, and resilient cloud environments, focusing on integrating security practices into the development and operations processes. This position will require the selected candidate to work in the company’s Edison, NJ office.
Responsibilities:
Security Automation & Infrastructure as Code (IaC):
- Design and implement security-focused infrastructure using tools like AWS CloudFormation, Terraform, and AWS Config.
- Automate security controls, monitoring, and incident response processes using AWS Lambda, AWS Systems Manager, and other automation tools.
- Develop and maintain automated security testing tools and scripts to be integrated into the CI/CD pipeline.
CI/CD Pipeline Security:
- Integrate security checks into the CI/CD pipeline to ensure continuous security validation.
- Implement and manage security testing tools (e.g., static code analysis, vulnerability scanning) as part of the development pipeline.
- Collaborate with development teams to ensure that secure coding practices are followed and that security is embedded in the development lifecycle.
Cloud Security Monitoring & Incident Response:
- Set up and manage security monitoring tools such as Amazon GuardDuty, AWS Security Hub, and CloudTrail to detect and respond to threats in real-time.
- Develop and execute incident response plans and playbooks to address security incidents and breaches.
- Continuously monitor and analyze security alerts, tuning them to reduce false positives and improve detection accuracy.
Vulnerability Management:
- Conduct regular vulnerability assessments and penetration testing to identify and remediate security weaknesses.
- Manage and prioritize vulnerability remediation efforts, working with development and operations teams to apply patches and updates.
- Use tools like Amazon Inspector and third-party security solutions to identify and address vulnerabilities in AWS resources.
Identity & Access Management (IAM):
- Design and manage IAM policies, roles, and permissions to enforce the principle of least privilege.
- Implement and manage secure access to AWS resources, including Multi-Factor Authentication (MFA) and AWS Single Sign-On (SSO).
- Conduct regular audits of IAM configurations and access logs to ensure compliance and detect unauthorized access.
Data Protection & Encryption:
- Implement encryption strategies for data at rest and in transit using AWS KMS, AWS CloudHSM, and other encryption tools.
- Ensure secure storage and transmission of sensitive data across AWS environments.
- Monitor and audit data access controls to maintain the confidentiality and integrity of data.
Requirements:
- Bachelor’s degree in computer science, Information Security, or a related field.
- Strong knowledge of AWS security services and tools (e.g., IAM, GuardDuty, CloudTrail, Security Hub)
- 3+ years of experience in cloud security, DevOps, or a related field, with a focus on AWS.
- Experience with Infrastructure as Code (IaC) tools like AWS CloudFormation or Terraform.
- Proficiency in scripting and automation (e.g., Python, Bash, AWS Lambda).
- Experience with CI/CD tools such as Jenkins, GitLab CI/CD, or AWS CodePipeline.
- Familiarity with security testing and monitoring tools like CloudWatch, DataDog.
- Strong problem-solving and analytical skills.
- Excellent communication and collaboration abilities.
- Ability to work independently and in a team environment.
- Detail-orientation with a focus on maintaining secure, compliant cloud environments.
Preferred Skills and Qualifications:
- AWS Certified Security, AWS Certified DevOps Engineer, AWS Solutions Architect or similar certifications.
- Strong understanding of secure software development lifecycle (SDLC) practices.
The above requirements and qualifications are meant to describe the general nature of the position and do not represent all duties to be performed by the selected candidate. Please note that only candidates who are under consideration for the position will be contacted. The Company is an equal opportunity employer. All employment is decided on basis of qualifications, merit, and business needs without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or veteran or disability status.