DevOps/SecOps Analyst

Job Description

  • Location: Alpharetta, Georgia
  • Type: Direct Hire
  • Job #19189
  • Salary: $80,000

Atlanta, GA
Direct Hire – Hybrid/Remote

This role requires a deep understanding of both DevOps and cybersecurity practices, as well as a proactive approach to identifying and mitigating security risks.

RESPONSIBILITIES

  • DevOps Integration: Collaborate with development and operations teams to integrate security practices into the DevOps pipeline, promoting a culture of “security as “
  • Security Automation: Develop and maintain automated security processes, including vulnerability assessments, and code analysis, to identify and address security vulnerabilities throughout the development life
  • Compliance: Ensure compliance with industry regulations and standards (e.g., GDPR, HIPAA, PCI-DSS) by implementing necessary security controls and participating in audits as
  • Security Awareness: Promote security awareness across the organization by providing training, documentation, and best practice guidelines for secure development and
  • Collaboration: Work closely with cross-functional teams, including software engineers, system administrators, and IT staff, to ensure security is prioritized throughout the software development life
  • SBOM Creation and Maintenance: Generate, update, and manage comprehensive SBOMs for all software Collaborate with development teams to gather information on software components, dependencies, and versions.
  • Component Identification: Analyze software packages and artifacts to identify components, including third-party libraries, open-source software, and proprietary
  • Version Tracking: Monitor and track changes to software components and versions, ensuring the SBOM is always up-to-date and accurately reflects the software’s
  • Vulnerability Assessment: Work closely with security teams to assess the security posture of software components by analyzing vulnerabilities and their associated
  • Integration with CI/CD Pipelines: Integrate SBOM generation and analysis into the continuous integration and continuous delivery (CI/CD) pipelines to automate and streamline the
  • Risk Management: Assess and prioritize risks associated with software components, considering factors such as vulnerabilities, licensing, and criticality.
  • Documentation and Reporting: Maintain accurate documentation of SBOMs, vulnerability assessments, and compliance Generate regular reports for stakeholders.
  • Best Practices and Education: Stay updated on industry best practices related to SBOMs, software composition analysis, and supply chain Educate development teams on the importance of SBOMs and proper software component management.

REQUIREMENTS

  • Bachelor’s degree in computer science, business, or related area or at least 2 years of current programming and DevOps/SecOps experience. Relevant security certifications such as Certified DevOps Security Professional (CDSP), Certified Information Systems Security Professional (CISSP), or Certified Cloud Security Professional (CCSP) are a plus.
  • 2+ years of experience: developing and supporting computerized business systems; working with Visual Studio or VS Code; with Azure DevOps, GitHub, or similar platforms; with version control and related software management systems (Git, DevOps, TFS).
  • Some experience with application security scanning, assessment, and AppSec dashboarding tools (e.g., Veracode, GitLab, etc.). Demonstrated experience in DevOps practices and methodologies, including continuous integration, continuous delivery (CI/CD), and infrastructure as code (IaC).
  • Strong understanding of security concepts, best practices, and common vulnerabilities (e.g., OWASP Top Ten). Proficiency with scripting languages (e.g., Python, Bash) and experience with automation tools (e.g., Ansible, Terraform).
  • Familiarity with cloud platforms (e.g., Azure) and their security features.
  • Experience with containerization and orchestration tools (e.g., Docker, Kubernetes) and securing containerized environments. Knowledge of security compliance frameworks and standards (e.g., NIST, CIS).
  • Solid understanding of software development lifecycle, including software components, dependencies, and versioning.
  • Familiarity with open-source software, third-party libraries, and licensing concepts.
  • Experience with software composition analysis (SCA) tools and vulnerability management platforms.
  • Familiarity with industry standards like SPDX (Software Package Data Exchange) and CWE (Common Weakness Enumeration) is a plus.

 
