Job ID: 2024-1239 Type: Full-Time # of Openings: 1 Category: IT/Cloud Security Leesburg, VA
Overview
Lynker Corporation is a leading provider of innovative solutions in weather and climate science. With a commitment to excellence and a passion for innovation, Lynker leverages cutting-edge technologies and scientific expertise to support the creation and delivery of improved operational weather forecasts. Lynker is currently seeking a sharp and talented DevSecOps Engineer to play a critical role in embedding security into every stage of the software development lifecycle for NOAA's Office for Coastal Management (OCM). The ideal DevSecOps Engineer will have 3+ years of experience in DevSecOps or related fields, with a strong understanding of cloud platforms, security, automation, secure coding practices, and programming skills extensive enough to implement automation.
Responsibilities
Duties of the DevSecOps Engineer will include the following:
Collaborating with development, operations, and security teams to integrate security into the CI/CD pipeline using GitHub Actions
Implementing security automation tools and processes
Automate security tasks using Python/Node.js/Go and Bash scripting
Developing and enforcing security policies and best practices
Monitoring and analyzing security vulnerabilities,incidents and findings
Performing regular security assessments and code reviews
Work with developers to ensure security findings are handled in a timely manner
Design and Implement penetration testing suite to implement “attack vectors” against our application and infrastructure portfolio to proactively identify any vulnerabilities.
Administration and maintenance of secrets management system like Bitwarden
Regularly audit all repositories and organizations in GitHub to make sure they are following established security and privacy practices
Stay up-to-date with the latest security threats and technologies
Participate in incident response and disaster recovery planning
Secondary Responsibilities of the DevSecOps Engineer will include the following:
Work with DevOps team to help with day to day automation tasks using Github Actions
Provide support for maintaining our automation infrastructure in GithubActions
Github User and Repository administration based on existing policies
Audit Github Organizations and Wiki pages to ensure documentation coverage
Qualifications
The DevSecOps Engineer selected should have the following skillsets/qualifications:
Proficiency with Linux systems
Strong programming skills in scripting languages like Bash and one or more of Python/Node.js/Go
Experience with pen testing tools available in Kali Linux
Proficiency Docker and related tooling
Proficiency with CI/CD tools such as GithuActions or similar
Experience with Azure Cloud ( or equivalent AWS and GCP)
Good understanding typical developer workflows
Good understanding of network architecture to identify security vulnerabilities
Excellent written and verbal communication skills
Experience with identifying, investigating and mitigating common attack vectors like DDoS, MITM, XSS, SQL Injections, Session Hijacking etc.
Experience with reviewing common authentication mechanism like sessions cookies and JWT authentication in software development projects
Bachelor’s degree in computer science or related field and 3+ years of experience in DecSecOps or DevOps or similar automation roles.
Professional and technical certification programs may be substituted for years of education, based on credit hour equivalents
Proven experience and references can also be substituted for years of education
The Ideal DevSecOps Engineer will have the following:
Some experience with Kubernetes and security practices around it
Familiarity with all GitHub Offerings and ecosystem
Experience with Burp Suite Enterprise Edition
Expertise in writing complex automation workflows using Github Actions
Experience with Palo Alto firewall
Experience with Nginx and log analysis
Previous developer experience
Open Source Contributions
We love stack overflow reputation
About Lynker
Lynker is a growing, employee owned, small business, specializing in professional, scientific and technical services. Our continually expanding team combines scientific expertise with mature, results-driven processes and tools to achieve technically sound, cost effective solutions in hydrology/water sciences, geospatial analysis, information technology, resource management, conservation, and management and business process improvement.
We focus on putting the right people in the right place to be effective. And having the right people is critical for success. Our streamlined organization enables and empowers our talented professionals to tackle our customers' scientific and technical priorities – creatively and effectively.
Lynker offers a team-oriented work environment, and the opportunity to work in a culture of exceptionally skilled and diverse professionals who embrace sound science and creative solutions. Lynker's benefits include the following:
Comprehensive healthcare for the employee at no monthly cost
Healthcare benefit covers medical, prescription drug, dental, and vision
Personal Time Off (PTO) Policy plus paid holidays
Highly competitive compensation plan regularly calibrated against industry and location benchmarks
401(k) retirement plan with company-matching
Employee Stock Ownership Plan (ESOP) – we're all company owners!
Flexible spending accounts
Employee assistance program (EAP)
Short- and long-term disability insurance
Life and accident insurance
Tuition assistance/Training/Workforce improvement reimbursement per year
Spot bonuses for exceptional performance
Annual Employee Recognition Awards with bonuses
Employee Referral Program
Free centralized, self-directed Learning Management System to learn at your own pace
Personalized career growth plans for every employee
Lynker is an E-Verify employer.
Lynker is proud to be an Equal Opportunity Employer and encourages women, minorities, individuals with disabilities and veterans to apply.
