Role: DevSecOps Engineer
Location: Seattle, WA (onsite)
Duration: Long term
Description:
We are seeking a Shift-Left DevOps Engineer with expertise in integrating and optimizing GitHub Advanced Security tools, including CodeQL and Dependabot, to create a seamless, secure, and efficient DevOps environment. This role focuses on embedding security early into the development lifecycle, enhancing developer productivity, and enabling proactive, automated dependency and vulnerability management within CI/CD pipelines. The ideal candidate will have a strong DevOps background, familiarity with secure coding practices, and a commitment to a shift-left approach, empowering development teams to deliver secure code faster and more efficiently.
Key Responsibilities
Integrate GitHub Advanced Security Tools into Development Workflows:
- Configure and manage GitHub Advanced Security tools, including Dependabot and CodeQL, as part of the CI/CD process to catch issues early.
- Customize security alerts, rules, and dependency checks to provide developer-friendly feedback directly within PRs.
- Work alongside DevOps and development teams to ensure security insights from GitHub Advanced Security are actionable and optimized for developer workflows within GitHub.
Automate Dependency Management with Dependabot:
- Set up Dependabot to manage and automatically update dependencies, ensuring security patches are applied efficiently and with minimal manual intervention.
- Collaborate with developers to integrate Dependabot PRs into branch workflows (feature, development, and release branches) with appropriate approval gates.
- Enable automated testing for Dependabot updates to validate compatibility with the codebase, reducing dependency-related risks.
Implement and Enhance Shift-Left Practices in CI/CD:
- Integrate CodeQL analysis and other automated security checks into CI/CD pipelines for real-time feedback on code vulnerabilities and potential improvements.
- Develop processes to ensure that security checks are embedded as early as possible in the development pipeline, providing rapid feedback to developers.
- Create workflows that allow low-risk updates (such as minor dependency upgrades) to merge automatically when all tests pass, speeding up development cycles.
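The Dependabot setup, branch targeting, and gated auto-merge of low-risk updates described under the two headings above can be expressed as three GitHub configuration files. The following is an added illustration written for this page, not configuration from the hiring organization; the package ecosystem (npm), the `develop` integration branch, the project language, the schedule and the labels are assumptions, and the three files are shown in one block separated by YAML document markers.

```yaml
# .github/dependabot.yml  (added example; ecosystem, branch and labels are assumed)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    target-branch: "develop"           # assumed integration branch; release branches get their own entry
    open-pull-requests-limit: 10
    labels: ["dependencies", "automerge-candidate"]
    groups:
      # One grouped PR per week for all patch/minor bumps keeps review load down;
      # major versions are deliberately left ungrouped so each one is reviewed on its own.
      minor-and-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]
  - package-ecosystem: "github-actions"  # keep the CI actions themselves patched too
    directory: "/"
    schedule:
      interval: "weekly"
---
# .github/workflows/codeql.yml  (added example)
name: CodeQL
on:
  push:
    branches: ["main", "develop"]
  pull_request:
    branches: ["main", "develop"]
  schedule:
    - cron: "0 6 * * 1"                  # weekly re-scan picks up newly published queries
permissions:
  contents: read
  security-events: write               # needed to upload results to code scanning
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript-typescript   # assumed project language
          queries: security-extended         # broader security query suite than the default
      - uses: github/codeql-action/analyze@v3
---
# .github/workflows/dependabot-automerge.yml  (added example)
name: Dependabot auto-merge
on: pull_request                       # not pull_request_target: Dependabot PRs come from this repo,
                                       # so no fork code ever runs with a write-capable token
permissions:
  contents: write                      # required for `gh pr merge`
  pull-requests: write                 # required to enable auto-merge on the PR
jobs:
  automerge:
    # Only act on PRs opened by Dependabot; a human-authored PR never qualifies for auto-merge.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - name: Read Dependabot metadata (update type, package names)
        id: meta
        uses: dependabot/fetch-metadata@v2
      - name: Enable auto-merge for patch and minor updates only
        # Major bumps and anything fetch-metadata cannot classify fall through to human review.
        if: >-
          steps.meta.outputs.update-type == 'version-update:semver-patch' ||
          steps.meta.outputs.update-type == 'version-update:semver-minor'
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

`gh pr merge --auto` does not merge immediately; it queues the merge until every required status check on the target branch passes. The "all tests pass" gate therefore lives in branch protection or a ruleset, not in this workflow: the test job and the CodeQL `analyze` job must be listed as required checks on `develop` (and on release branches), otherwise a grouped patch bump could land before the scan finishes. The `if` guard on the PR author and the use of `pull_request` rather than `pull_request_target` are what keep the write-scoped token away from untrusted code.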
Optimize Developer Experience with Automation and Tooling:
- Build and maintain scripts, configurations, and dashboards that allow developers to self-manage security findings and track dependency health.
- Continuously improve feedback loops to reduce false positives, ensure clear remediation steps, and increase developer productivity.
- Design notifications and automated reminders for developers to address dependency or security issues within their PRs and feature branches.
Support Developer Enablement and Education:
- Provide support and training to developers on best practices for using GitHub Advanced Security, Dependabot, and CodeQL within their workflows.
- Host sessions on secure coding and using automation tools to build secure applications, encouraging a culture of proactive security in development.
- Develop and share documentation that simplifies the use of security tools, helping developers understand dependency and vulnerability management basics.
Collaborate on CI/CD Optimization and Automation:
- Work with DevOps and Engineering teams to optimize CI/CD processes, improving build speed, testing reliability, and deployment efficiency.
- Set up monitoring and automated reporting for key metrics, such as dependency update success rates, time-to-fix vulnerabilities, and code quality trends.
- Identify and implement automation opportunities to further streamline code quality and dependency management across development cycles.
Qualifications
Technical Expertise:
- Strong experience in DevOps, particularly with GitHub Advanced Security features like Dependabot and CodeQL, and hands-on experience integrating these tools into CI/CD pipelines.
- Proficiency in scripting (e.g., Python, Bash) and automation tools to support continuous improvement in the CI/CD and development environments.
- Knowledge of DevOps methodologies and best practices, particularly around automating testing, code quality, and dependency management.
Experience:
- 5+ years in DevOps, SRE, or similar roles with experience in development pipelines and automation.
- Proven experience in managing dependencies, security updates, and automated PRs within GitHub or similar version control systems.
- Strong understanding of CI/CD practices, with experience in streamlining workflows for developer efficiency and productivity.
Soft Skills:
- Excellent communication skills to collaborate effectively with development, DevOps, and QA teams.
- Ability to advocate for and drive shift-left practices, enabling teams to adopt security and quality checks early in the development lifecycle.
- Problem-solving skills with a focus on creating scalable, maintainable solutions that support a proactive DevOps environment.
Preferred Qualifications:
Certifications: Relevant DevOps or cloud certifications such as AWS DevOps, CKA (Certified Kubernetes Administrator), or similar.
Additional Tools: Familiarity with other DevOps and automation tools, such as Jenkins, Terraform, Docker, and Kubernetes.