DevSecOps Engineer

Emprise Corporation is a fast-growing company that has been serving government and commercial clients for over 36 years. We are the industry leader in Predictive Maintenance and Condition Monitoring by offering a wide set of capabilities that allow us to provide premier products and services that help our clients operate more effectively and efficiently. We're looking for a talented DevSecOps Engineer to join our Team in Chesapeake, VA. Reporting to the CIO, this position will function daily as the liaison between Engineering/Operations, Systems Development, and IT Operations & Security.

Responsibilities:

• Testing Environment Setup & Management
• Design and create standardized, efficient, and security-focused testing environments, developing and manual and automated testing configurations for internal and external systems.
• Provide setup, configuration, and support for various releases of Apache Tomcat, Apache2 & IIS configurations, Multiple Web applications, RDBMS's with various database systems and versions. Understand the configurations and properties of each and the interaction required between application layers.
• Support database configuration, administration, and content of databases for internal test platforms to mirror various remote customer sites' configurations.
• Provide Full Stack Application support to ensure that all components are configured properly, and interactions are secure, error free and optimized.
• Provide setup, configuration, and support for external performance testing events in secure labs. Includes event coordination and execution with customer personnel.
• Security & Risk Management
• Provide support for Risk Management Framework (RMF), including Boundary Diagrams, Authority to Operate (ATO), and Ports Protocols Services Management (PPSM). Maintain a thorough knowledge of the content within.
• Technical Leadership in the creation, deployment, and management of PKI Certificates (DoD, Self-Signed, etc.) for both hardware and software environments.
• Maintain awareness of vulnerabilities and security concerns of test and production environments, including internal code and its dependencies. Provide remediation support for issues as required.
• Provide input on best practices for Security and Operations in shift-left Development Process.
• Application & Device Deployment
• Perform and support application deployments to remote customer sites using delivery mechanisms such as: Proprietary Remote Transfer, Hard Copy (CD/DVD/etc.), and future WSUS Packages. Application deployments may occasionally require in person visit to a vessel for advanced environment validation or troubleshooting.
• Coordinate with responsible internal and third-party agents for packaging and testing software installations, patches and other distributions.
• Miscellaneous Day to Day
• Create, update, and present product environment configurations and supporting systems.
• Collect and analyze server and application logs of various types both locally and remotely. Provide recommendations and potential corrective actions when problems are found.
• Communicate regularly with internal and customer points of contact (verbal and written).

Required Qualifications:

• BS in an IT-related field (or equivalent experience) and 7+ years of Systems Integration/Development/Security/Operations experience
• Strong fundamentals in full-stack systems integration, network operations, Apache Tomcat and application server skills
• Experience in Systems Administration (Windows Server/Active Directory & Linux)
• Knowledge of Public Key Infrastructure and various authentication mechanisms
• High-level programming and scripting experience such as: Java, Powershell etc.
• Experience with SQL at and RDBM concepts and integration
• Experience with build/test/release management, general automation, and security processes in CI/CD pipeline
• Ability to obtain and maintain a DoD Security Clearance
• Strong verbal, written, and communication skills
• Ability to occasionally support work onboard maritime vessel pier side

Desired Qualifications:

• Experience in CMMC2.0, NIST 800-171, Microsoft 365 GCCH, Purview, Azure, Intune
• Knowledge of DevSecOps tools such as: git, Jenkins, Nesus, Nexus, Fortify, SIEM's, Black Duck etc.
• Experience with Containers and VMs with regard to DevSecOps optimized environments
• Experience with cloud platform services
• Experience with Linux and in one or more scripting languages (e.g., bash)
• Programming experience with Windows installer packages (e.g., NSIS)
• Programming experience with Tomcat internals (e.g., Valves/Filters, etc.)
• Security configuration and operations experience with OpenSSL and Apache Tomcat tcnative
• Security+ Certification