DevSecOps Engineer
checkmarx
Job Description
- Design, implement, and automate secure, scalable infrastructure for Checkmarx One™ environments, ensuring scale, high availability and compliance with FedRAMP requirements.
- Develop and maintain CI/CD pipelines with a focus on secure software supply chain practices (e.g., SBOMs, signing, verification).
- Harden Kubernetes-based deployments by building and enforcing security controls using Kubernetes Operator Framework, Network Policies, and Pod Security Standards.
- Integrate and manage observability and security monitoring tools, such as Fluent Bit, ELK, Grafana, Prometheus, and cloud-native security tooling (e.g., AWS GuardDuty, Inspector).
- Collaborate with application security, product engineering, and compliance teams to define and enforce DevSecOps best practices.
- Conduct threat modeling and risk assessments of infrastructure changes and implement remediation strategies as needed.
- Lead the adoption of secure-by-default templates infrastructure-as-code (AWS CDK, Terraform, etc.) reusable automation.
- Assist in evidence collection and environment preparation for FedRAMP audits and continuous monitoring.
Requirements
Requirements
- 3-5 years of experience as a DevOps, Site Reliability, or Platform Engineer with a strong focus on security (DevSecOps).
- In-depth experience securing production environments on AWS (or other major clouds) using least privilege, identity federation, VPC security, etc.
- Proven expertise with Kubernetes and the Operator Framework, including workload security hardening, admission controllers, and custom operators.
- Strong knowledge of CI/CD and infrastructure-as-code tools such as Jenkins, GitHub Actions, CircleCI, AWS CDK, or Terraform.
- Experience building and managing secure containerized environments using Docker, Helm, and Argo CD.
- Proficiency in at least one programming or scripting language (Python, Bash, or Go) with emphasis on automation and secure coding.
- Familiarity with compliance frameworks such as FedRAMP, SOC 2, or ISO 27001, and how they apply to cloud-native architectures.
- Experience integrating security observability and logging systems (e.g., Fluent Bit, ELK, Prometheus, AWS CloudTrail).
- Strong analytical and problem-solving skills with a security-first mindset.