Locations: Washington, DC Metro Area or Richmond, VA
Environment: Hybrid - 3 days onsite / 2 days remote per week.
Glocomms is partnered with a real estate analytics pioneer dedicated to transforming the industry through digital innovation - enabling people to uncover properties, insights, and connections that enhance their business and personal lives.
The client's portfolio includes over 75 other platforms and high-traffic web applications. The firm's robust platform security environment incorporates both commercial and custom-developed security controls across various platforms, including IDEs, CI/CD systems, cloud, and Kubernetes. The DevSecOps Engineer will contribute to a team employing infrastructure as code, scripting, and API integrations to implement scalable security measures consistently across all web applications. The position may range from associate to lead architect level.
Primary Responsibilities:
As part of our dynamic team, you will be responsible for building and advancing features of our product platform security suite, including:
- Providing real-time vulnerability feedback within IDEs for insecure build patterns and artifacts (including first-party code, third-party code, containers, infrastructure as code, and secrets)
- Enforcing vulnerability remediation SLAs during environment builds
- Conducting dynamic runtime scans of pre-production environments to prevent vulnerabilities from reaching production
- Performing continuous attack surface management, penetration testing, and exploit validation
- Managing cloud security posture and workload protection
- Ensuring security for cloud IAM and Kubernetes runtime controls
- Conducting cloud platform threat hunting and API security management
- Implementing WAF and Bot controls
- Integrating runtime/drift vulnerability feedback into product development teams' bug tracking systems
- Enhancing federated cloud security hardening, detection, and enforcement
- Managing data security posture
- Identifying and addressing secrets and sensitive data leakage in logs, code, and documentation
Qualifications:
- Bachelor's degree from an accredited institution, preferably in Computer Science, Cybersecurity, or a related field
- Proven track record of dedication to previous employers
- 3+ years of experience in applying security at scale within CI/CD systems, Kubernetes platforms, cloud environments, or CDNs
- Proficiency in scripting or infrastructure as code using Python, PowerShell, Ansible, CloudFormation, Terraform, or similar languages
- Experience in a software development environment with mature CI/CD practices
- Strong passion for solving complex challenges, innovating, and being deeply engaged in your work
- Excellent communication skills, capable of engaging with both software development teams and leadership
- Thorough understanding of various security assessment tools
- Knowledge of infrastructure operations, including databases, networking, and system administration
- Ability to convey risk and urgency for remediation to different levels of leadership
- Capability to mentor and guide team members in prioritizing security efforts effectively
- Self-starter with the initiative to advance the application security program and follow through on ideas to completion
- Hands-on experience integrating security tools into CI/CD pipelines
- Experience with testing serverless cloud deployments
Benefits and Perks:
The client offers competitive compensation and performance-based incentives along with professional and academic growth opportunities including internal training, tuition reimbursement, and an inter-office exchange program.
The comprehensive benefits package includes:
- Medical, vision, dental, and prescription drug coverage
- Life, legal, and supplementary insurance
- Mental health counseling services, both virtual and in-person, for individuals and families
- Commuter and parking benefits
- 401(k) retirement plan with matching contributions
- Employee stock purchase plan
- Paid time off
- Tuition reimbursement
- Access to onsite fitness centers or reimbursement for fitness center memberships, with options for yoga, personal training, and group exercise classes
- Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and healthy snacks
All qualified candidates eligible to work full-time in the United States are encouraged to apply. Unfortunately, visa sponsorship (including F1-OPT) is not available for this position. Candidates seeking C2C/C2H employment will not be considered.
Interested candidates must be willing to work a HYBRID (3 days/week onsite) schedule to be considered for this position.
**Company is an Equal Employment Opportunity Employer. The firm maintains a drug-free workplace and conducts pre-employment substance abuse testing.**