Hi,
My name is Rohit Chauhan, and I am a Staffing Specialist at Novia Infotech LLC. I am reaching out to you about an exciting job opportunity with one of our clients.
Job Title: DevSecOps Engineer
Location: Boston, MA
Job Summary
We are seeking a highly skilled DevSecOps / Software Supply Chain Security Engineer to join the Cyber Security Architecture & Engineering team. The ideal candidate will be responsible for designing, implementing, and managing secure software delivery processes across enterprise CI/CD pipelines, artifact repositories, container platforms, and cloud environments.
This role requires deep expertise in Software Supply Chain Security, DevSecOps practices, artifact governance, container security, and cloud-native technologies. The successful candidate will play a critical role in securing the software development lifecycle and driving enterprise-wide adoption of modern security controls and governance standards.
Key Responsibilities
Software Supply Chain Security
- Design and implement enterprise software supply chain security strategies and controls.
- Establish secure artifact sourcing and dependency management practices across Maven, PyPI, NPM, Docker, and internal repositories.
- Ensure artifact integrity, provenance, immutability, and authenticity throughout the software lifecycle.
- Implement and enforce SLSA (Supply-chain Levels for Software Artifacts) standards and best practices.
- Develop governance frameworks for open-source software consumption and third-party dependencies.
- Perform software supply chain risk assessments and remediation planning.
DevSecOps & Secure SDLC
- Integrate security controls into CI/CD pipelines to support secure software delivery.
- Implement automated security testing including SAST, DAST, SCA, container scanning, and secrets detection.
- Collaborate with development teams to embed security throughout the Software Development Lifecycle (SDLC).
- Drive DevSecOps adoption and promote shift-left security practices across engineering teams.
- Automate compliance and security validation processes within build and deployment workflows.
Artifact Repository Management
- Administer and secure artifact repositories including JFrog Artifactory and Sonatype Nexus.
- Implement repository governance, access controls, artifact promotion workflows, and retention policies.
- Monitor artifact usage and enforce package security standards.
- Support software signing, verification, and trusted artifact management processes.
Container & Kubernetes Security
- Implement secure container image pipelines and trusted image strategies.
- Support Chainguard-based container security initiatives and hardened container deployments.
- Secure Kubernetes environments, container registries, and cloud-native workloads.
- Conduct vulnerability assessments and remediation activities for containerized applications.
- Implement container runtime security controls and monitoring solutions.
Cloud & Infrastructure Security
- Secure cloud-native environments across AWS and Azure platforms.
- Develop and manage Infrastructure as Code (IaC) security controls using Terraform and Ansible.
- Implement automated IaC scanning, policy enforcement, and compliance validation.
- Support secure deployment architectures for cloud and hybrid environments.
Governance, Monitoring & Reporting
- Develop dashboards, KPIs, and security metrics for software supply chain risk management.
- Establish governance standards and security policies for engineering organizations.
- Generate compliance reports and support internal and external audit requirements.
- Monitor vulnerabilities, dependency risks, and remediation efforts across software ecosystems.
Collaboration & Leadership
- Partner with Security, DevOps, Cloud Engineering, and Application Development teams.
- Provide technical guidance on secure software delivery and supply chain security practices.
- Lead security improvement initiatives and contribute to enterprise security architecture.
- Conduct knowledge-sharing sessions and security awareness training for engineering teams.
Required Qualifications
- 8–12+ years of experience in DevOps, DevSecOps, Cybersecurity, or Security Engineering.
- Strong hands-on experience with CI/CD pipeline development and automation.
- Deep understanding of Software Supply Chain Security concepts and frameworks.
- Experience with artifact repository platforms such as JFrog Artifactory and Sonatype Nexus.
- Knowledge of SLSA, SBOM, artifact signing, provenance, and dependency management.
- Strong experience with container technologies including Docker and Kubernetes.
- Experience implementing DevSecOps controls within enterprise software delivery environments.
- Hands-on experience with AWS and/or Azure cloud platforms.
- Experience with Infrastructure as Code tools such as Terraform and Ansible.
- Strong scripting and automation skills using Python, Bash, or PowerShell.
- Experience with application security testing tools and methodologies.
Preferred Qualifications
- Experience with Chainguard trusted images and secure container supply chain initiatives.
- Knowledge of Sigstore, Cosign, Notary, and software signing technologies.
- Experience with Kubernetes security frameworks and cloud-native security platforms.
- Familiarity with NIST SSDF, OWASP, Zero Trust, and secure coding practices.
- Previous experience within Banking, Financial Services, FinTech, or highly regulated environments.
- Security certifications such as CISSP, CSSLP, CKS, CCSP, AWS Security Specialty, or equivalent.
Rohit Chauhan, IT Recruiter
Address: 4421 Avenida Ln, McKinney, TX 75070
You received this message because you are subscribed to the Google Groups "NoviaJobs" group.
To view this discussion visit https://groups.google.com/d/msgid/noviajobs/CAJ0-OE8zvd-%2BTDR_UJ4qDcLjqrEPbRoy8pT4tZYZWtjtaN_YHw%40mail.gmail.com.