DevSecOps Engineer

Looking to hire your next DevSecOps Engineer? Here’s a full job description template to use as a guide.

About Vintti

Vintti is a specialized staffing agency that believes diversity is the catalyst for innovation. We connect US-based SMBs, startups, and firms with exceptional talent from Latin America, fostering a rich tapestry of cultural perspectives within American businesses. Our unique position allows us to handpick professionals who not only possess the required skills but also bring fresh ideas and global insights to the table. Vintti's services go beyond filling positions; we enrich company cultures and expand business horizons on an international scale.

Description

A DevSecOps Engineer plays a pivotal role by integrating security practices into the DevOps development and deployment processes. They work to ensure that security is embedded at every phase of the software development lifecycle, from initial planning through to deployment and maintenance. By automating security checks and implementing policies, DevSecOps Engineers help teams respond swiftly to potential threats while maintaining the agility of DevOps practices. Their role involves collaboration with development, operations, and security teams to create a unified approach to building, deploying, and running secure software.

Requirements

- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field
- Minimum of 3-5 years of experience in a DevSecOps or similar role
- Strong understanding of CI/CD pipelines and experience integrating security tools
- Expertise in cloud platforms such as AWS, Azure, or Google Cloud
- Proficiency with containerization technologies like Docker and orchestration tools like Kubernetes
- Hands-on experience with security tools such as static code analysis (SAST), dynamic analysis (DAST), and vulnerability scanners
- Solid understanding of secure coding practices and principles
- Experience with infrastructure as code tools (e.g., Terraform, Ansible)
- Knowledge of various security frameworks and standards (e.g., OWASP, NIST, ISO 27001)
- Experience conducting threat modeling and risk assessments
- Familiarity with monitoring and logging tools for security purposes
- Strong incident response and investigation skills
- Excellent scripting skills (e.g., Python, Bash)
- Familiarity with version control systems (e.g., Git)
- Experience with automated security testing and continuous integration tools
- Strong analytical and problem-solving skills
- Ability to communicate complex security concepts to non-technical stakeholders
- Certification in security-related areas (e.g., CISSP, CEH, OSCP) preferred
- Strong teamwork and collaboration skills
- Proven ability to stay updated on the latest security vulnerabilities, trends, and technologies
- Experience in compliance and regulatory requirements related to cybersecurity
- Ability to train and mentor team members on security best practices
- Excellent documentation and writing skills

Responsibilities

- Automate security workflows within CI/CD pipelines
- Monitor, review, and respond to security alerts across applications and infrastructure
- Conduct thorough vulnerability assessments
- Manage and coordinate remediation activities for identified vulnerabilities
- Collaborate with development and operations teams to enforce secure coding practices
- Implement, manage, and maintain security solutions and tools
- Develop, review, and update security policies, standards, and procedures
- Participate in incident response activities and forensic investigations
- Perform regular threat modeling and risk assessments
- Analyze source code for security weaknesses and vulnerabilities
- Continuously enhance security testing tools and methodologies
- Maintain and secure cloud infrastructure environments
- Provide training and education on security best practices to team members
- Validate existing security configurations and suggest enhancements
- Assist in compliance and regulatory audit processes
- Create and maintain comprehensive documentation on security procedures
- Stay informed about emerging security threats and technology trends
- Manage and deploy secure containerization and orchestration tools
- Integrate security testing tools into the software development lifecycle
- Perform static code analysis and code reviews on critical software projects
- Collaborate with IT and network teams to implement and enforce network security policies

Ideal Candidate

The ideal candidate for the DevSecOps Engineer position is a highly experienced professional with a robust background in integrating security into CI/CD pipelines and a strong grasp of cloud platforms such as AWS, Azure, or Google Cloud. They possess in-depth knowledge and hands-on experience with containerization technologies like Docker and orchestration tools like Kubernetes, complemented by proficiency in security tools including SAST, DAST, and vulnerability scanners. Demonstrating a solid understanding of secure coding practices, they excel in using infrastructure as code tools such as Terraform and Ansible, and are well-versed in security frameworks like OWASP, NIST, and ISO 27001. This candidate excels at threat modeling, risk assessments, and incident response, with a knack for using monitoring and logging tools for security purposes. Their scripting skills in languages such as Python and Bash, coupled with experience in version control systems like Git, ensure they can automate and streamline security workflows effectively. They possess excellent communication skills, enabling them to convey complex security concepts to non-technical stakeholders, alongside their ability to train and mentor team members. Their proactive, detail-oriented nature, combined with critical thinking, analytical skills, and resilience in high-pressure situations, makes them adept at foreseeing and mitigating security risks. An advocate for security and privacy principles, they are committed to continuous learning and staying abreast of industry trends, fostering a culture of security within the organization while maintaining thorough documentation. Holding certifications such as CISSP, CEH, or OSCP is desirable, further bolstering their credibility and expertise in ensuring robust security measures.

On a typical day, you will...

- Automate security processes in the CI/CD pipeline
- Monitor and review application and infrastructure security alerts
- Conduct vulnerability assessments and manage remediation efforts
- Collaborate with development and operations teams to ensure secure software development practices
- Implement and manage security tools and solutions
- Develop and maintain security policies, standards, and procedures
- Participate in security incident response and investigations
- Perform threat modeling and risk assessments
- Review and analyze source code for security vulnerabilities
- Continuously improve security testing methodologies and tools
- Maintain and secure cloud infrastructure
- Train and educate team members on security best practices
- Validate security configurations and recommend improvements
- Assist in compliance and regulatory audits
- Create and maintain documentation for security processes and workflows
- Research and stay updated on the latest security threats, trends, and technologies
- Manage and deploy containers and orchestration tools with a security mindset
- Integrate automated security testing tools into the development environment
- Perform code review and static analysis on critical projects
- Work with IT and network teams to enforce security policies at all network layers

What we are looking for

- Proactive and detail-oriented
- Strong critical thinking and analytical skills
- Ability to work independently and take initiative
- Excellent problem-solving capabilities
- Effective communicator with both technical and non-technical stakeholders
- Team player who thrives in collaborative environments
- Adaptable to rapidly changing security landscapes
- Strong sense of ownership and responsibility
- Passionate about continuous learning and staying current with industry trends
- Patient and capable instructor, proficient in educating peers on security best practices
- High integrity and ethical standards
- Strong organizational and multitasking skills
- Strategic mindset with the ability to foresee security implications
- Resilient and able to handle high-pressure situations
- Meticulous in maintaining thorough and accurate documentation
- Innovative thinker willing to explore new security technologies and methodologies
- Committed to fostering a culture of security within the organization
- Strong advocate for security and privacy principles

What you can expect (benefits)

- Competitive salary range based on experience and qualifications
- Comprehensive health, dental, and vision insurance plans
- Generous paid time off (PTO) and holiday schedule
- Flexible work hours and remote work options
- Retirement savings plan with company matching
- Opportunities for career advancement and professional development
- Tuition reimbursement for relevant courses and certifications
- Wellness programs including gym memberships and mental health support
- Company-sponsored tech conferences and training workshops
- Team-building events and company outings
- Employee assistance programs (EAP) for personal and professional support
- Onsite amenities such as free snacks, beverages, and ergonomic workstations (if applicable)
- Work-life balance initiatives, including family leave policies
- Access to cutting-edge technology and tools
- Mentorship programs and knowledge-sharing sessions
- Inclusive and diverse work environment
- Recognition and reward programs for outstanding performance
- Participation in volunteer and community service activities
- Stock options or equity opportunities (if applicable)
- Monthly or annual bonuses based on performance
