DevSecOps Engineer

CAYS Inc. • Seattle, WA, US • 2w ago

Role: DevSecOps Engineer

Location: Seatle WA- onsite

Duration: Long term

Description

We are seeking a Shift-Left DevOps Engineer with expertise in integrating and optimizing GitHub Advanced Security tools, including CodeQL and Dependabot, to create a seamless, secure, and efficient DevOps environment. This role focuses on embedding security early into the development lifecycle, enhancing developer productivity, and enabling proactive, automated dependency and vulnerability management within CI/CD pipelines. The ideal candidate will have a strong DevOps background, familiarity with secure coding practices, and a commitment to a shift-left approach, empowering development teams to deliver secure code faster and more efficiently.

Key Responsibilities

Integrate GitHub Advanced Security Tools Into Development Workflows

Configure and manage GitHub Advanced Security tools, including Dependabot and CodeQL, as part of the CI/CD process to catch issues early.
Customize security alerts, rules, and dependency checks to provide developer-friendly feedback directly within PRs.
Work alongside DevOps and development teams to ensure security insights from GitHub Advanced Security are actionable and optimized for developer workflows within Github.

Automate Dependency Management With Dependabot

Set up Dependabot to manage and automatically update dependencies, ensuring security patches are applied efficiently and with minimal manual intervention.
Collaborate with developers to integrate Dependabot PRs into branch workflows (feature, development, and release branches) with appropriate approval gates.
Enable automated testing for Dependabot updates to validate compatibility with the codebase, reducing dependency-related risks.

Implement And Enhance Shift-Left Practices In CI/CD

Integrate CodeQL analysis and other automated security checks into CI/CD pipelines for real-time feedback on code vulnerabilities and potential improvements.
Develop processes to ensure that security checks are embedded as early as possible in the development pipeline, providing rapid feedback to developers.
Create workflows that allow low-risk updates (such as minor dependency upgrades) to merge automatically when all tests pass, speeding up development cycles.

Optimize Developer Experience With Automation And Tooling

Build and maintain scripts, configurations, and dashboards that allow developers to self-manage security findings and track dependency health.
Continuously improve feedback loops to reduce false positives, ensure clear remediation steps, and increase developer productivity.
Design notifications and automated reminders for developers to address dependency or security issues within their PRs and feature branches.

Support Developer Enablement And Education

Provide support and training to developers on best practices for using GitHub Advanced Security, Dependabot, and CodeQL within their workflows.
Host sessions on secure coding and using automation tools to build secure applications, encouraging a culture of proactive security in development.
Develop and share documentation that simplifies the use of security tools, helping developers understand dependency and vulnerability management basics.

Collaborate On CI/CD Optimization And Automation

Work with DevOps and Engineering teams to optimize CI/CD processes, improving build speed, testing reliability, and deployment efficiency.
Set up monitoring and automated reporting for key metrics, such as dependency update success rates, time-to-fix vulnerabilities, and code quality trends.
Identify and implement automation opportunities to further streamline code quality and dependency management across development cycles.

Qualifications

Technical Expertise:

Strong experience in DevOps, particularly with GitHub Advanced Security features like Dependabot and CodeQL, and hands-on experience integrating these tools into CI/CD pipelines.
Proficiency in scripting (e.g., Python, Bash) and automation tools to support continuous improvement in the CI/CD and development environments.
Knowledge of DevOps methodologies and best practices, particularly around automating testing, code quality, and dependency management.

Experience

5+ years in DevOps, SRE, or similar roles with experience in development pipelines and automation.
Proven experience in managing dependencies, security updates, and automated PRs within GitHub or similar version control systems.
Strong understanding of CI/CD practices, with experience in streamlining workflows for developer efficiency and productivity.

Soft Skills

Excellent communication skills to collaborate effectively with development, DevOps, and QA teams.
Ability to advocate for and drive shift-left practices, enabling teams to adopt security and quality checks early in the development lifecycle.
Problem-solving skills with a focus on creating scalable, maintainable solutions that support a proactive DevOps environment.

Preferred Qualifications

Certifications: Relevant DevOps or cloud certifications such as AWS DevOps, CKA (Certified Kubernetes Administrator), or similar.

Additional Tools: Familiarity with other DevOps and automation tools, such as Jenkins, Terraform, Docker, and Kubernetes.