DevSecOps Engineer

Open Source
ARGO
Deployment
Parsing
Identity and Access Management
GitLab
GitHub
AWS EKS
Terraform
Kubernetes
Amazon Web Services
SAML
Okta
Continuous Integration/Delivery
Structured Software
Python
Description:

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.
Benefit options available through Magnit Global, depending on contract factors and upon meeting requirements.
Overview 

We are seeking a DevSecOps engineer to help secure our AWS EKS Kubernetes environment and CI/CD pipeline as we prepare for a FedRAMP High audit. We run 350 container images on AWS EKS. FedRAMP expertise is not required, but deep familiarity with container technology and security is essential. 
Responsibilities 

  • Upgrade vulnerable containers in collaboration with the DevSecOps team, testing and promoting updates to production.
  • Apply cloud hardening and maintain Terraform/Ansible code to enforce security settings across AWS services and Kubernetes nodes per STIG and CIS benchmarks.
  • Design and maintain automated container patching pipelines including base image refresh, rebuild triggers, and automated PR generation.
  • Build and maintain vulnerability scanning workflows using Grype and/or Trivy as pipeline gates that block promotion of images exceeding CVE thresholds.
  • Build and manage Argo Workflows orchestrating end-to-end patch automation from scanning through remediation, rebuild, and deployment.
  • Write Python-based tooling supporting pipeline logic, scan result parsing, notification routing, and patch orchestration.
  • Own GitHub-based development workflow: branch strategy, PR creation/review, code quality standards, and merge gate enforcement.
  • Conduct code reviews ensuring changes meet security, quality, and operational standards before production promotion.
  • Maintain production readiness practices including testing, peer review, rollback procedures, and deployment validation.
  • Analyze Kubernetes IAM configurations and RBAC policies to identify overprivileged roles, misconfigurations, and deviations from least-privilege principles.
  • Review and harden Kubernetes network setup and segmentation including network policies, namespace isolation, and inter-service communication controls.
  • Audit certificate usage across the cluster and pipeline, ensuring proper issuance, validity, and automated rotation; verify secrets are rotated on schedule and not hardcoded or overexposed.
  • Scan codebases, repos, and infrastructure configs for exposed secrets using open source tools such as Hedgehog and equivalent secret detection utilities.
  • Scan S3 buckets for exposed secrets and sensitive data, remediating findings and implementing preventive controls.
  • Review network, WAF, and Istio logs to map existing traffic flows and service communication patterns in preparation for network segmentation and a deny-by-default lockdown posture.
  • Develop automations for WAF rule creation and tuning based on observed traffic patterns and threat intelligence.
  • Leverage Claude to accelerate security research, organize remediation plans, and develop Python-based tooling for non-production-impacting automation and analysis tasks.
Skills

Core Platform & Cloud: AWS EKS, Kubernetes, Terraform, Ansible, ArgoCD, Argo Workflows, GitLab, GitHub

Security & Compliance: FedRAMP, STIG, CIS Benchmarks, RBAC, IAM, Okta/OIDC, SAML, WAF, Istio, Network Segmentation, Certificate Management, Secrets Rotation, Least Privilege

Scanning & Tooling: Grype, Anchore, Hedgehog, S3 Scanning, Vulnerability Scanning, Secrets Detection

Development: Python, CI/CD Pipelines, Code Review, PR Management, Patch Automation

AI: Claude, AI-Assisted Coding
Education

Minimum: Bachelor's degree
Pursuant to the California Fair Chance Act, Los Angeles County Fair Chance Ordinance for Employers, Los Angeles Fair Chance Initiative for Hiring Ordinance, and San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Criminal history may have a direct, adverse, and negative relationship with some of the material job duties of this position. These include the duties and responsibilities listed above, as well as the abilities to adhere to company policies, exercise sound judgment, effectively manage stress and work safely and respectfully with others, exhibit trustworthiness, meet client expectations, standards, and accompanying requirements, and safeguard business operations and company reputation.

QUALIFICATION/LICENSURE:
  • Work Authorization: US Citizen
  • Travel Required: No travel required
  • Shift timings: Not specified
  • Job Location: Remote
  • Pay: USD 90.00 - USD 100.00 per hour
  • Contract Duration: 6 month(s)