DevSecOps Architect

Red River is seeking a Development Security Operations (DevSecOps) consultant to help architect and build functional systems that improve Red River and customer outcomes. The DevSecOps consultant's responsibilities will include establishing architectures for our customers which support deploying product updates, identifying production issues, and implementing integrations that meet customer needs, in addition to leading the states of build, deployment, and runtime security in Red River's and our customers’ cloud and on premises environments. Ultimately, you will participate in a team to solution, execute, automate, and manage operational processes fast, accurately, consistently, repeatedly, and securely.Position Responsibilities

Work with multi-discipline teams within Red River and our partners to understand requirements and to architect DevSecOps solutions

Create content to support the education and planning of DevSecOps efforts for both internal and external consumers

Collaborate with architecture, engineering, and security teams on technical alignment

Review any existing DevSecOps processes and policies, and assess to provide improvements

Work with Engineering and Solution Architects in architecture of solutions for internal and customer specific DevSecOps offerings within capabilities, systems, and solutions

Participate in meetings with internal or external partners or customers for subjects aligned with DevSecOps

Evaluate Request for Proposal (RFP) and Request for Information (RFI) efforts, providing DevSecOps content for potential Red River response

Evaluation of solutions for fit with customer needs

Research, prototype, experiment, and assess multiple solutions to evaluate the pros and cons of alternative DevSecOps architectures and tools, including multi-cloud or hybrid solutions

Minimum Education/Certification/Experience Requirements:

Bachelor's or Graduate Degree in Computer Science, Mathematics, Physics, or equivalent

10+ years of experience with using and engineering DevSecOps with related technologies

DevSecOps experience with on-prem deployments and deployments in major MSP’s such as AWS or Azure, ideally in multiple clouds

Development, test, security, and cloud including IaaS, PaaS and SaaS

Background in Research, Development, Test, and Evaluation (RDT&E) and architecture

Secure coding techniques, assessing vulnerabilities, remediation, security technologies and sensitive/protected data regulations/compliance for Personally Identifiable Information (PII) and asset data protection

Experience with PlatformOne or equivalent framework

DevSecOps conceptual to hands-on for designing, prototyping, assessment, and solutions

Comparative design alternatives and cost-benefits analysis of DevSecOps solutions through detailed and formalized architectural methods

Hands on experience creating and maintaining DevSecOps environments/solutions

Formulate, and enforce through guidance, designs to developers and engineers to build and vet DevSecOps capabilities and solutions

Understanding of static, dynamic, and interactive application security testing within a system development life cycle

Understanding of automation, testing, orchestration, and configuration management with tooling such as Jenkins, Robot Framework, Cucumber, Selenium, Ansible, Puppet or Chef

Understanding of testing for complex, integrated, single to multi-tier applications, databases, UI, networking, and hardware including capacity, performance, scaling, distribution, and impairments

Experience in security and quality scanning with tooling such as Nessus, OWASP, or SonarQube

Understanding of authentication and authorization such as SAML, JWT, OAuth2, OIDC, or 2FA/MFA

Experience with integration and use of monitoring, alerting, reporting and analytics platforms such as Splunk, ELK or equivalent

Prefer experience with asset management and workflows in tools such as ServiceNow

Infrastructure as Code (IaC) and Configuration as Code (CaC) understanding

Experience with version and source control management

Familiarity with Agile, Scrum, Continuous Integration and Continuous Delivery/Deployment (CI/CD) and SAFe within Software/System Development Lifecycle (SDLC) plus Key Performance Indicators (KPIs), metrics and Service Level Agreements (SLAs) with experience in teams from design, through build and test

Large complex enterprise experience – thousands of hosts, multiple complex applications, technical resources, strict process control, and regulatory compliance

Experience working with Federal Customers

Understanding of FedRAMP, FISMA, DoD Impact Levels and NIST security guidance

Ability to convey and train others in DevSecOps capabilities and solutions

Preferred experience with architecture methods and frameworks including BPMN, FEAF, DoDAF, and UML

Preferred understanding/experience with risk assessments such as RMF

Preferred understanding/experience with design assessment such as CBAM and ATAM

Preferred Cybersecurity certification such as CISSP, CEH or other related

Preferred DevOps, DevSecOps, cloud or architecture certification(s)

Has or is willing to get a Clearance

#DCERed River offers a competitive salary, excellent benefits and an exceptional work environment. You can review our benefit offerings here (https://redriver.com/wp-content/uploads/2022/01/Benefits-At-A-Glance-2022.pdf) . If you are ready to join a growing company, please submit your resume and cover letter (optional).EOE M/F/DISABLED/VetRed River is an equal opportunity employer and makes employment decisions based on business needs, job requirements and individual qualifications, without regard to race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity or expression, marital status, age, family medical history or genetic information, disability, past or present military service, or any other characteristics protected under the laws applicable in the locations where Red River operates. Red River will not tolerate discrimination or harassment based on any of these characteristics.Red River does not accept unsolicited resumes from individual recruiters or third party recruiting agencies in response to job postings or otherwise. Placement fees will not be paid to any recruiter unless Red River has an active agreement in place with the recruiter and such a request has been made by the Red River Talent Acquisition team and such candidate was submitted to the Red River Talent Acquisition Team via our Applicant Tracking System. Any unsolicited resumes or other data submitted to Red River in violation of this policy may be used by Red River without obligation to pay any fees of any kind to the recruiter.Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government. Red River serves organizations well beyond traditional technology integration, with more than 20 years experience in security, networking, analytics, collaboration, mobility and cloud solutions. Our operations, support, sales and technical teams all work together to create a positive impact on citizens, soldiers, consumers and employees. That’s what it means to Rock the Red. Are you ready?

We work with purpose, looking to disrupt the status quo in meaningful ways.

We act with integrity, showing respect for all and demonstrating our commitment to ethics

We value collaboration and work as a team to accomplish goals

We elevate creativity, and support curiosity to re-imagine the use of technology

We have a strong work ethic, and seek continuous improvement in all we do

We embrace philanthropy, working together to drive positive change and lasting impact within communities around us