DevSecOps Engineer(REMOTE)
ROLE
We need an experienced DevSecOps Engineer at the U.S. Securities and Exchange Commission (SEC). The SEC's Division of Corporation Finance reviews public company filings to ensure investors are provided with the material information they need to make informed investment decisions. The Disclosure Review Program (DRP) System - also known as SWAT (System of Workflow and Activity Tracking) is the cloud-based platform that enables this review work, integrating with EDGAR and other SEC systems to support the review of transactional and annual filings. In this role, you will build and secure cloud infrastructure, automate CI/CD pipelines, integrate security tooling across the development lifecycle, and act as a go-to resource for secure coding practices across the development team. This is a full-time, remote opportunity. We can offer a competitive salary and a comprehensive benefits package.
RESPONSIBILITIES
- Responsible for building and configuring the system AWS cloud environments using Infrastructure as Code (IaC) best practices and integrating with security tools such as Veracode, Burp Suite to create CI/CD pipelines for deploying security compliant code.
- Deploy source code using automated pipelines built on GitHub Actions, incorporating SEC-approved IaC methodologies and adhering to Immutable Architecture principles for all deployments.
- Conduct static code analysis, dependency analysis, and container scanning using SEC-approved tooling
- Apply security patches, maintain certificates, and address vulnerabilities on a continuous basis, supporting POA&M remediation and responding to findings from security testing.
- Coach developers on secure coding practices, help IT teams safeguard cloud resources, and act as a go-to resource for all things security.
- Configure continuous cloud security monitoring and logging to ensure adherence to compliance standards.
REQUIRED SKILLS/EXPERIENCE
- Pipeline Automation (CI/CD):Experience building, managing, and securing continuous integration and deployment pipelines using tools like GitHub Actions, GitHub CI. Work with development teams to streamline workflow and support rapid build and deployment of code while maintaining version integrity.
- Security Tooling Integration:Hands-on experience automating security checks (SAST, DAST, SCA, and container/IaC scanning) directly into the developer workflow.
- Infrastructure as Code (IaC) & Containers:Proficiency with container management (Docker) and IaC tools (Terraform, Ansible) to enforce secure-by-default configurations.
- Cloud & Network Configuration and Security:Expertise in configuring and securing cloud-native AWS environments, including identity and access management (IAM) and least-privilege enforcement.
- Scripting & Programming:Fluency in automation scripting and programming languages such as Python, Java and Java frameworks.
DESIRED SKILLS/EXPERIENCE
- AI Experience:Some exposure to AI technologies including GitHub Copilot.
REQUIRED EDUCATION / CERTIFICATIONS
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
LOCATION
- Remote (Within eastern time zone)
CLEARANCE
- U.S. citizenship is required. Dual citizenship is not permitted on this contract.
- Ability to obtain SEC public trust
CLIENT
- Securities and Exchange Commission (SEC), Disclosure Review Program (DRP)
WORK HOURS
EMPLOYMENT CLASSIFICATION
- Employment Classification Eligibility - W2
RELOCATION
- Not eligible for relocation benefits
COMPENSATION
- Salary range: $120,000 - $140,000
- Benefits: Benefits package includes options for health, dental, and vision insurance coverage; 401k contribution options
