Mobile DevSecOps Engineer

The client is seeking a skilled and motivated DevSecOps Engineer to support the secure development, deployment, and maintenance of a cutting-edge mobile application. The ideal candidate will have experience integrating security into DevOps pipelines, cloud-native architectures, and mobile application development. This role involves collaborating with cross-functional teams to implement security-focused practices that ensure the reliable and safe delivery of mobile application updates and features.

Responsibilities

• Secure CI/CD Pipeline Development: Design, implement, and maintain secure Continuous Integration/Continuous Deployment (CI/CD) pipelines for mobile applications. Integrate security tools for vulnerability scanning, static code analysis, and dependency management.
• Automation: Automate build, testing, deployment, and security processes for mobile platforms (iOS and Android), ensuring fast, secure, and reliable releases.
• Monitoring and Incident Response: Develop monitoring strategies and alerting mechanisms for mobile application performance and security. Support incident detection, response, and resolution for application and infrastructure vulnerabilities.
• Cloud and Container Security: Deploy and manage mobile backend services in cloud environments with a focus on containerization and securing workloads using tools like Kubernetes, Docker, and cloud-native security solutions.
• Compliance: Ensure mobile application builds and deployments meet DoD security standards, including RMF, STIGs, and other applicable frameworks. Conduct regular vulnerability assessments and manage remediation efforts.
• Collaboration and Mentorship: Partner with development teams to incorporate DevSecOps practices, providing guidance on secure coding standards, source control, and branching strategies. Mentor team members on security best practices.
• Infrastructure as Code (IaC): Use tools like AWS CloudFormation, SAM, and Terraform to automate the provisioning and security of infrastructure.
• Documentation and Training: Develop and maintain comprehensive documentation for tools, configurations, and processes. Deliver training sessions to enhance team knowledge of DevSecOps practices.

Qualifications

Required Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience).
• 5+ years of experience in DevSecOps, with a focus on mobile application development or cloud-native environments.
• Expertise with CI/CD tools such as GitLab, GitHub with integrated security tools (e.g., Snyk, SonarQube, or OWASP Dependency-Check).
• Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and securing containerized applications.
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation and security tasks.
• Strong understanding of DoD cybersecurity standards, including STIG compliance, RMF, and vulnerability management tools.
• Experience with mobile app development workflows, including tools like Xcode and Android Studio.
• Excellent problem-solving skills and attention to detail.
• Active Secret Clearance required.

Preferred Qualifications:

• Certifications such as AWS Certified Security Specialty, Certified Kubernetes Security Specialist (CKS), or CISSP.
• Experience with React Native workflow.
• Experience with mobile app testing frameworks and integrating security tests (e.g., Appium, Espresso, XCTest).
• Familiarity with secure logging, monitoring, and alerting tools (e.g., Splunk, ELK Stack, Datadog).
• Prior experience with DoD or government projects.
• Knowledge of Agile methodologies and tools like Jira or Rally.