SkillBridge - DevSecOps Engineer

About The Weather Company:

The Weather Company is the world’s leading weather provider, helping people and businesses make more informed decisions and take action in the face of weather. Together with advanced technology and AI, The Weather Company’s high-volume weather data, insights, advertising, and media solutions across the open web help people, businesses, and brands around the world prepare for and harness the power of weather in a scalable, privacy-forward way. The world’s most accurate forecaster globally, the company reaches hundreds of enterprise clients and more than 360 million monthly active users via its digital properties from The Weather Channel (weather.com) and Weather Underground (wunderground.com).

Job brief:

The DevSecOps Engineer will play a key role, working with the core application engineering team and the cybersecurity lead to ensure that all DROP Platform offerings meet security and compliance goals.
This position is part of the Department of Defense (DoD) SkillBridge Program. SkillBridge provides active-duty service members the opportunity to gain civilian work experience during their last 180 days of service.
Applicants must be active-duty military, within 180 days of separation, and receive approval from their command to participate.

The impact you'll make:

• Set up and automate regular system patching
• Set up and automate static and dynamic code scanning
• Set up and automate vulnerability scanning
• Automate the creation of tickets and the production of evidence from scanning tasks
• Automate change management processes
• Build security and compliance dashboards and reports
• Perform security reviews on build environments and ensure all systems are maintained with the latest patches, and that security best practices are being followed
• Participate in agile/scrum processes to help ensure that security deliverables are triaged, prioritized, and slipstreamed into product delivery processes
• Collaborate and coordinate with 3rd party security consultants.
• Manage audit processes and triage results with the team.

What you've accomplished:

• 5+ years of professional experience as a DevSecOps engineer
• Deep understanding of build automation processes and tools (GitHub Actions, Vercel, Jenkins, TravisCI)
• Expertise with container technologies (Docker, Kubernetes, Helm)
• Experience with different compliance standards (SOC2, CMMC, NIST, ISO)
• Familiarity with the Department of Defense (DoD) Impact Level 6
• Ability to script/code in at least two of the following languages: bash, perl, python, ruby, groovy, JavaScript, PHP
• Solid understanding and experience with APIs (REST, XML, JSON)
• Extensive experience with at least one cloud provider (AWS, Azure)
• Experience with security tooling (Checkmarx, OWASP Zap, Skyk, Dependabot)
• Familiarity with issue tracking systems, especially JIRA
• Good communication and organizational skills
• Self-starter, open to learning new skills and accepting new challenges