DevSecOps Lead

XOR Security is currently seeking talented Development Security Operations (DevSecOps) Lead to support the DHS ESOC Program.

• Team Lead of a small DevSecOps team
• Develop, document, and implement CI/CD strategy for management of Infrastructure as Code (IaC) baseline
• Develop and document shared infrastructure component management strategy to provide consistent standardized container, OS, and application baselines for infrastructure components available through self-service
• Identify requirements, develop, document, and implement branching strategy to support change management requirements while automating as much of the deployment process as practical in the (IaC) CI/CD pipeline.ie. Selenium, Prometheus or Cucumber or various DevSecOps functioning to include system debugging.
• Review, debug, and resolve technical issues throughout all stages of SDLC
• Assist with process development and process improvement for Security Operations to include creation/modification of SOPs, Playbooks, and Work instructions
• Measure effectiveness of process improvement and automation efforts via metrics and KPIs
• Leading a team in a rapidly changing environment; seeking diverse views; coaching staff providing timely and meaningful feedback.
• Perform integration activities to connect with 3rd party software APIs
• Design, implement, and maintain efficient and reusable Python code
• Work with stakeholders to develop requirements and deliverables
• Communicates with project manager on a frequent basis. Identifies tasks and issues that may have an impact on service levels or schedules. Provides realistic task and cost estimates.
• Maintains a current and working knowledge of IT development methodology, architecture design, and technical standards. Mentors IT staff and identifies training needs. As new standards are instituted, ensures their usage by team members.
• Communicates with other technical leads, IT groups, and clients so they understand the project's technical implications, dependencies, and potential conflicts. Evaluates the impacts of change requests on own/shared technologies and effectively persuades and influences others on ideas.
• Reviews and approves documentation and diagrams created by IT team members (e.g., system specifications). Writes documentation, including technical standards and processes.
• Ability to enable simplification and efficiencies by identifying opportunities to leverage systems and investments across business areas and territories.
• CASP, GCIH, GCWN, GISF, GISP, GSSP, GICSP, GSSP, SEI, CISSP, CSSLP, SSCP, CCNP, CCNP Security, CCIE Security, CEH, ECSP, MCSE, RHCA, RHCE, VCP, VCAP, VCIX, VCDX, Splunk Enterprise Certified Architect

Basic Qualifications:

-Experience leading teams in a rapidly changing environment; seeking diverse views; coaching staff providing timely and meaningful feedback.
-Experience with VMware & Ansible/Ansible Tower
-Extensive experience in design and automation of security tools and processes
-Extensive experience in development, APIs, and scripting language support
-Experience implementing and maintaining services in a CI/CD pipeline
-Experience working in an Agile development environment
-Working knowledge of REST APIs, JSON, HTML/CSS, Javascript, XML
-Department of Homeland Security ESOC employees are required to obtain an Entry on Duty (EOD) clearance to support this program.
-Communicates with project manager on a frequent basis. Identifies tasks and issues that may have an impact on service levels or schedules. Provides realistic task and cost estimates.
-Maintains a current and working knowledge of IT development methodology, architecture design, and technical standards. Mentors IT staff and identifies training needs. As new standards are instituted, ensures their usage by team members.
-Communicates with other technical leads, IT groups, and clients so they understand the project's technical implications, dependencies, and potential conflicts. Evaluates the impacts of change requests on own/shared technologies and effectively persuades and influences others on ideas.
-Reviews and approves documentation and diagrams created by IT team members (e.g., system specifications). Writes documentation, including technical standards and processes.
-Ability to enable simplification and efficiencies by identifying opportunities to leverage systems and investments across business areas and territories.

Desired Qualifications:

-Experience with data administration such as S3 storage pools
-Experience working in AWS and Azure
-Experience with SOAR platforms such as Swimlane, Phantom, Demisto, etc.
-Experience as a SOC Analyst and/or Incident Responder
-Authoring SOC SOPs, playbooks, work instructions and/or other process documents
-Working knowledge of Java

Closing Statement:

XOR Security offers a very competitive benefits package including health insurance coverage from first day of employment, 401k with a vested company match, vacation and supplemental insurance benefits.

XOR Security is an Equal Opportunity Employer (EOE). M/F/D/V.

Citizenship Clearance Requirement
Applicants selected may be subject to a government security investigation and must meet eligibility requirements - US CITIZENSHIP REQUIRED