We are seeking a DevOps Software Developer experienced in Build and Release Engineering, Secure Software Development, and Software Supply Chain Risk Management (SCRM) in alignment with ISO 27001, NIST SP 800-161, and NIST SP 800-171 standards. This role unites software engineering, automation, and compliance, building secure, traceable, and compliant software pipelines across hybrid (on-prem + cloud) environments.
Requirements
- Design, develop, and maintain automated build and release pipelines for multi-tier applications.
- Manage version control systems and branching strategies; maintain artifact repositories (e.g., JFrog Artifactory).
- Develop and optimize build scripts and automation tools using Python, Bash, CMake, or Gradle.
- Implement build verification, automated testing, and code signing for secure releases.
- Ensure traceability and reproducibility of builds.
- Architect and maintain CI/CD pipelines with Jenkins, GitLab CI, or GitHub Actions.
- Use Infrastructure as Code (IaC) tools such as Terraform or Ansible for consistent infrastructure deployment.
- Automate environment configuration, monitoring, and policy enforcement to meet compliance standards.
- Integrate security and compliance validation into CI/CD workflows.
- Support hybrid deployments across on-prem, virtualized, and cloud environments.
- Manage and maintain on-premises servers and virtualization platforms (VMware vSphere/ESXi, KVM, or OpenStack).
- Automate provisioning and orchestration for VMs, containers, and networks.
- Monitor system performance, resource utilization, and capacity planning.
- Implement network segmentation, secure connectivity, and identity/access controls in compliance with ISO 27001 Annex A controls.
- Participate in infrastructure hardening, patch management, and disaster recovery planning.
- Implement secure software supply chain practices per NIST SP 800-161r1 and NIST SP 800-171.
- Maintain and validate Software Bills of Materials (SBOMs) using tools like Black Duck.
- Identify and mitigate vulnerabilities in open-source and third-party dependencies.
- Enforce artifact provenance, cryptographic integrity checks, and chain-of-custody documentation across builds.
- Contribute to secure procurement and vendor assurance processes under ISO 27001 and NIST frameworks.
- Implement and maintain compliance with ISO 27001, NIST SP 800-161, and NIST SP 800-171.
- Integrate security baselines, vulnerability management, and code assurance tools into the DevOps workflow.
- Maintain audit trails, change records, and compliance documentation for ISO/NIST audits.
- Collaborate with QA, Security, and Compliance teams to continuously improve the secure development lifecycle (SDLC).
Benefits
- Medical
- Dental
- Vision
- Life and disability insurance
- 401(k)
- 11 paid holidays
- Vacation time
- Sick time
- Comprehensive leave program