DevSecOps Engineer

As a DevSecOps Engineer at Auria, your primary responsibilities will encompass designing and implementing solutions for building, testing, and deploying containerized microservices. Additionally, you will enhance CI/CD operations across multiple cloud service environments, support software quality efforts, and conduct automated system testing and deployment. You'll become an integral part of our cloud-based and on-premises software factory, so your work will have a lasting impact on our SATCOM initiatives.

To excel as a DevSecOps Engineer at Auria, candidates should possess strong programming skills in languages such as Bash, YAML, Python, and PowerShell. Familiarity with tools like GitLab, Ansible, Terraform, Nexus, and Jenkins is crucial. Experience with AWS cloud deployment and knowledge of application security concepts are highly beneficial as well. Additionally, the successful candidate should have excellent organizational abilities and be able to work within an agile development framework.

The salary range for a DevSecOps Engineer at Auria varies between $93,000 and $145,000, depending on the engineer's level and experience. Those at Engineer Level 3 will typically need a Bachelor's degree and seven years of relevant experience, or a Master's degree with at least four years. For Engineer Level 4, a Bachelor's degree with 12 years or a Master's with nine years of experience is expected.

Auria offers a range of attractive benefits for DevSecOps Engineers, including a generous PTO package that increases with tenure, flexible work policies, and 11 company-paid holidays each year. Additionally, the company provides a solid 401(k) matching plan, tuition assistance for further education, low-cost medical plans, life insurance coverage, and an Employee Assistance Program, among other perks.

Candidates for the DevSecOps Engineer position at Auria should have a strong technical background, ideally with a Bachelor's degree in a related field coupled with several years of relevant experience. A current U.S. Government SECRET security clearance is also required. The ideal candidate will be fluent in DevSecOps practices, have experience with software development and automation, and demonstrate a knack for working in teams as well as independently.

DevSecOps integrates security into the DevOps process, ensuring that security is a shared responsibility from the early stages of development. For a role like the DevSecOps Engineer at Auria, it is crucial to convey that adopting a 'Security First' mindset helps in minimizing vulnerabilities and ensuring compliance. Stress how proactive security measures can foster trust among users and stakeholders while enhancing the software lifecycle.

When discussing your experience with CI/CD pipelines, detail specific tools and technologies you've used, such as Jenkins or GitLab. Explain how you've implemented CI/CD practices to enhance deployment speed while maintaining software quality. Offer examples that showcase overcoming challenges in pipeline automation, along with the positive outcomes achieved.

To effectively ensure security integration within the development pipeline, highlight practices such as regular security assessments, application of secure coding standards, and the use of tools that facilitate vulnerability scanning. Describe specific methodologies you use and emphasize the collaborative approach with development and operations teams to think about security at every stage.

Bringing up a real-world challenge demonstrates your problem-solving skills. Discuss a scenario where you had to deal with unexpected security vulnerabilities in deployment or a conflict regarding toolchain decisions. Explain the steps you took to resolve the issue, how you collaborated with your team, and what the long-term impact was on process improvement and security practices.

Mention specific testing frameworks and tools you have worked with, such as Selenium or TestNG. Discuss the role these tools played in your previous projects—especially in automated testing for both unit and integration tests—and how they helped in enhancing code quality throughout the CI/CD pipeline.

It's important to approach disagreements constructively. Explain that you'd first seek to understand their perspective and then present data or documented best practices to support your viewpoint. Emphasize the importance of collaboration and compromise, focusing on achieving a solution that prioritizes security while maintaining development efficiency.

Discuss your proficiency in languages like Bash, Python, or PowerShell, and provide insights into why these are particularly effective for automation tasks. Mention specific use cases or scripts you've created for deploying applications or managing infrastructure, showcasing your technical comfort and adaptability.

In discussing your experience with IaC, focus on tools you've used, such as Terraform or CloudFormation. Illustrate how employing IaC has improved consistency and reduced the chances of errors by facilitating infrastructure deployments through code. Providing examples of successful projects will reinforce your capabilities.

Keeping skills up-to-date is crucial in the tech field. Discuss strategies such as engaging with online courses, attending workshops or conferences, contributing to open source, and participating in professional communities. Highlight your proactive nature and enthusiasm for learning about emerging trends, tools, and best practices.

Demonstrate your understanding by discussing key concepts like threat modeling, secure coding practices, and vulnerability management. Highlight your experience with security frameworks and standards relevant to DevSecOps, such as NIST or OWASP. Being able to explain these concepts will showcase your depth of knowledge in addressing security throughout the software development lifecycle.