Infrastructure Automation. Develop and maintain Packer templates for creating hardened VM and container images, ensuring compliance with internal security standards.Collaborate with IT and product teams to streamline image pre-configuration for on-prem and cloud deployments.
Containerization & Orchestration. Build and manage multi-container environments using Docker Compose, Podman, and Kubernetes for application deployment.Evaluate and implement alternatives for container orchestration in secure or air-gapped environments.Create and maintain VMs both manually and via (CI/CD) provisioning.
Security Integration. Perform Black Duck scans and vulnerability assessments on source code, dependencies, and container images to meet SSDF and compliance requirements.Address identified security issues by upgrading components and mitigating risks in CI/CD pipelines.Collaborate with product security teams to enforce best practices for open-source compliance and license management.
Continuous Improvement. Integrate security scanning tools (e.g., Black Duck Detect, VMT) into Jenkins and other CI/CD platforms.Monitor and optimize performance of security tools and container platforms, ensuring minimal downtime during maintenance windows.
Documentation. Create instructions for both internal teams and customers to deploy, maintain, and upgrade images.Include documentation in the CI/CD pipeline.
Qualifications:
Bachelor's degree (or equivalent practical experience) in Computer Science, Electrical Engineering, Computer Engineering, or a related technical field.
7+ years of relevant experience in DevSecOps.
Strong experience with Packer, Docker, Docker Compose, and container orchestration tools (Kubernetes, Podman).
Experience programming with Python, bash, etc.
Proficiency in CI/CD pipelines and automation frameworks (Jenkins, GitLab CI).
Hands-on experience with security scanning tools (Black Duck, SCA solutions) and remediation workflows.
Knowledge of Linux administration and secure image creation for Debian/RHEL/Alpine environments.
Familiarity with compliance frameworks (SSDF, legal open-source reviews).
Strong collaboration skills to work with cross-functional teams (IT, Product Security, R&D).
Preferred Qualifications
Experience deploying solutions in air-gapped or high-security environments.
Understanding of cloud-native security practices and container runtime hardening.
