Overview:
GovCIO is currently hiring a Senior DevSecOps Engineer to support our client's contract needs. This position is located in Washington, DC, and is a remote position with intermittent visits to the customer location.
Responsibilities:
JBoss
* Install JBoss EAP on supported platforms (Linux, RHEL, Windows).
* Configure in standalone or domain mode, depending on architecture needs.
* Apply Red Hat-supported RPM or ZIP installations and ensure compliance with licensing.
* Deploy and manage Java EE applications (WAR/EAR) via:
  * Management CLI
  * Admin Console
  * Automation scripts (Ansible, shell)
* Enable rolling deployments and hot deployment.
* Set up HTTPS/SSL with trusted certificates and secure keystores.
* Enforce RBAC (Role-Based Access Control) using the management realm.
* Configure security domains, JAAS, and Elytron security (the modern Red Hat EAP security subsystem).
* Manage key EAP subsystems:
  * Datasources (JDBC)
  * JMS (ActiveMQ Artemis)
  * Web (Undertow)
  * EJB, JPA, JAX-RS, JTA, JNDI
* Modify configurations via:
  * Management CLI
  * xml or domain.xml
  * JBoss Management API
* Monitor JVM and application performance with tools like:
  * JConsole
  * JMC (Java Mission Control)
  * JBoss CLI
* Tune JVM options, garbage collection, connection pools, and thread pools.
* Analyze logs (server.log, boot.log) and configure log rotation and log levels.
* Apply Red Hat-provided patches and updates using RHSM or offline methods.
* Maintain backup procedures for:
  * Configuration files
  * Deployed apps
  * Domain/host controllers (in domain mode)
* Prepare and test disaster recovery procedures and environment restoration.
* Integrate JBoss EAP with:
  * Red Hat AMQ
* Connect to external systems like databases, message brokers, or logging systems (ELK stack).
* Maintain up-to-date documentation on:
  * Configuration changes
  * System architecture
  * Patching history
* Implement audit logging and track changes for compliance.
* Work with DevSecOps teams to ensure EAP adheres to security best practices.
* Troubleshoot:
  * Deployment failures
  * Classloading conflicts
  * Transaction rollbacks
  * Application or subsystem crashes
* Interface with Red Hat Support via the Customer Portal and create support cases when needed.
* Automate tasks using:
  * Ansible (especially Red Hat Certified Collections)
  * JBoss CLI scripting
  * Shell/Python scripts
* Integrate EAP deployments with CI/CD pipelines (Jenkins, GitLab, Tekton).
* Support EAP clustering, session replication, and high availability.
* Manage load balancing with Apache HTTPD, mod_cluster, or HAProxy.
* Manage SSL certificates and domain configurations, and ensure SSL certificates are renewed in a timely manner.
* Stay up to date with JBoss releases and new features.
* Execute, test, and document upgrade procedures in lower and production environments.
Artifactory
* Deploy and configure Artifactory instances, ensuring they meet organizational requirements for scalability and high availability.
* Tune Artifactory settings, implement caching strategies, and optimize storage solutions to enhance performance and scalability.
* Utilize tools like Prometheus, Grafana, and JFrog Mission Control to monitor system health, set up alerts, and ensure continuous operation.
* Define and manage user roles and permissions to control access to repositories and artifacts, ensuring security and compliance.
* Integrate Artifactory with LDAP, SSO, or other authentication systems to streamline user management.
* Integrate JFrog Xray with Artifactory to scan artifacts for security vulnerabilities and license compliance.
* Implement fine-grained access control using users, groups, permissions, and permission targets.
* Ensure that backups are encrypted and access-controlled to prevent unauthorized access to sensitive data.
* Integrate Artifactory with CI/CD tools like Jenkins, GitLab CI, and others to automate artifact storage and retrieval.
* Implement processes to promote artifacts through different stages of the development lifecycle, such as development, staging, and production.
* Develop scripts to automate routine tasks, such as repository cleanup and artifact promotion.
* Set up and manage local, remote, virtual, and federated repositories to organize and control access to artifacts.
* Regularly clean up repositories by removing obsolete artifacts and optimizing storage usage.
* Configure repository replication and federated repositories to ensure consistent access to artifacts across geographically distributed teams.
* Monitor the health and performance of Artifactory instances using integrated monitoring tools.
* Generate reports on repository usage, artifact storage, and user activity to inform decision-making.
* Set up proactive alerting mechanisms to detect and resolve issues promptly.
* Apply security patches and updates in a timely manner.
DevSecOps Engineering
* Embed security checks into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI).
* Automate code scanning, dependency scanning, and container image scanning.
* Integrate tools like:
  * SAST (Static Application Security Testing), e.g., SonarQube, Fortify
  * DAST (Dynamic Application Security Testing), e.g., OWASP ZAP, Burp Suite
  * SCA (Software Composition Analysis), e.g., Snyk, WhiteSource, Black Duck
* Promote secure coding practices via developer training and secure coding guidelines.
* Define and enforce security policies for app configuration, secrets, encryption, etc.
* Use Infrastructure as Code (IaC) tools like Terraform or Ansible securely.
* Scan IaC templates for misconfigurations (e.g., with Checkov, tfsec, Terrascan).
* Secure cloud resources (AWS, Azure, GCP) using Cloud Security Posture Management (CSPM) tools.
* Set up IAM policies, network segmentation, and encryption at rest/in transit.
* Participate in threat modeling sessions with development teams.
* Identify potential attack vectors in the architecture (e.g., privilege escalation, insecure APIs).
* Prioritize and remediate identified risks based on severity and impact.
* Monitor and manage vulnerabilities in:
  * Code
  * Containers
  * Dependencies
  * Infrastructure
* Integrate tools like Trivy, Clair, Aqua, or Anchore into pipelines.
* Track vulnerability metrics, triage findings, and enforce SLAs for remediation.
* Harden container images using minimal base images and security scanning.
* Enforce policies using tools like OPA/Gatekeeper, Kyverno, or PodSecurity Standards.
* Configure Kubernetes RBAC, network policies, and secrets management.
* Implement runtime protections with tools like Falco, Sysdig, or Kube-bench.
* Develop custom scripts/tools for security automation (Python, Bash, Go).
* Automate certificate management, secrets rotation, and access provisioning.
* Maintain DevSecOps toolchains across dev, test, and prod environments.
* Collaborate with development, QA, operations, and security teams.
* Align with compliance standards (e.g., SOC 2, ISO 27001, PCI-DSS, HIPAA).
* Define security policies, guardrails, and governance workflows.
* Integrate security monitoring into observability platforms (e.g., ELK, Grafana, Splunk).
* Enable SIEM and SOAR integrations for real-time threat detection and alerting.
* Support incident response and forensics when security events occur.
Qualifications:
* Bachelor's degree with 12 years of experience (or commensurate experience), or Master's degree with 7 years of experience.
Required Skills and Experience
* Experience with JBoss, Java EE applications, and Red Hat
* In-depth knowledge of Artifactory
* Proven experience with DevSecOps Engineering
Clearance Required: Must be able to obtain and maintain AOUSC Public Trust
Preferred Skills and Experience
* Master's degree