Platform Engineer (DevSecOps)

About Hunter Strategy

Hunter Strategy has a unique philosophy to technical project delivery. We treat all our customers like mission partners because they rely on our team to meet their objectives through complex software engineering, cloud operations, and cyber risk management solutions. Hunter Strategy was founded on the premise that IT is 21st century infrastructure - critically important but only instrumentally valuable. Accordingly, our teams look at problems with a single objective: the identification and enablement of the right capability to address the most vexing problems our Mission Partners face. We continue to support our partners' success by leveraging the right technology, with the right plan, and the right team to address tomorrow's challenges today.

A DevSecOps Engineer's role typically involves integrating security practices throughout the software development lifecycle within a Scrum framework. This role requires expertise in security automation, compliance monitoring, cloud networking, and continuous integration/continuous deployment (CI/CD) pipelines to ensure applications meet security standards while maintaining rapid development cycles. The position involves close collaboration with development teams, security officers, and stakeholders to deliver secure, compliant applications through iterative development processes.

·  Security Integration: Implement and maintain security controls throughout the development pipeline, ensuring security is embedded in every phase of the software development lifecycle.

· Compliance Management: Work closely with Information System Security Officers (ISSO) to review Security Technical Implementation Guides (STIGs) and support Authority to Operate (ATO) processes to ensure applications comply with security standards and regulatory requirements.

· CI/CD Pipeline Security: Design, implement, and maintain secure CI/CD pipelines with automated security testing, vulnerability scanning, and compliance checks integrated into deployment workflows.

· Scrum Process Participation: Actively participate in Scrum ceremonies including sprint planning, daily standups, sprint reviews, and retrospectives while providing security guidance and story point estimates for security-related tasks.

· Vulnerability Management: Conduct regular security assessments, vulnerability scans, and penetration testing while coordinating remediation efforts with development teams.

·  Infrastructure as Code: Develop and maintain secure infrastructure configurations using Infrastructure as Code (IaC) principles with automated security policy enforcement.

·  Security Monitoring: Implement and manage security monitoring tools, logging systems, and incident response procedures to detect and respond to security threats in real-time.

· Cloud Networking: Design and implement cloud network architecture using industry best practices and adhering to security boundaries established by an approved or proposed Authority to Operate (ATO).

· Risk Assessment: Perform security risk assessments, threat modeling, and security architecture reviews to identify and mitigate potential security vulnerabilities.

· Documentation and Training: Create security documentation, procedures, and provide security training to development teams while maintaining compliance artifacts for audit purposes. Additionally, create and manage network and infrastructure diagrams and supporting documentation.

· DevSecOps Expertise: Strong experience in DevSecOps practices, security automation, and secure software development with proven track record in enterprise environments.

· Scrum Methodology: Deep understanding of Scrum principles and agile development practices with experience integrating security requirements into sprint planning and user story development.

· Security Standards Knowledge: Extensive knowledge of STIGs, NIST frameworks, ATO processes, and federal security compliance requirements with experience working alongside ISSOs and security teams.

· CI/CD and Automation: Proficiency in CI/CD tools (Jenkins, GitLab CI, DevOps), containerization (Docker, Kubernetes), and infrastructure automation (Terraform, Ansible, CloudFormation).

· Cloud Security: Experience with cloud security platforms (AWS Security Hub), cloud-native security tools, and multi-cloud security strategies.

· Cloud Networking: Experience in designing and implementing network layer cloud infrastructure in AWS.

· Programming and Scripting: Proficiency in scripting languages (Python, Bash, PowerShell) and experience with security testing frameworks and static/dynamic analysis tools.

· Security Tools Proficiency: Experience with vulnerability scanners (Nessus, OpenVAS), SAST/DAST tools, container security scanning, and security orchestration platforms.

· Communication and Collaboration: Excellent communication skills to work effectively with cross-functional Scrum teams, security officers, compliance teams, and stakeholders in fast-paced development environments.