Job Information
Metropolitan Council Security Engineer (DevSecOps) in 390 Robert St. N St. Paul, Minnesota
Security Engineer (DevSecOps)
Print (https://www.governmentjobs.com/careers/metrocouncil/jobs/newprint/4595056)
Apply
Security Engineer (DevSecOps)
Salary
See Position Description
Location
390 Robert St. N St. Paul, MN
Job Type
Full-Time
Job Number
2024-00175
Division
Regional Administration
Department
IS-Admin
Opening Date
09/06/2024
Closing Date
9/22/2024 11:59 PM Central
Description
Benefits
Questions
WHO WE ARE
We are theMetropolitan Council, the regional government for the seven-county Twin Cities metropolitan area. We plan 30 years ahead for the future of the metropolitan area and provide regional transportation, wastewater, and housing services.More information about us on our website. (https://metrocouncil.org/About-Us/The-Council-Who-We-Are.aspx)
Information Servicesis the central IT department supporting all divisions of the Metropolitan Council. Our 140 team members provide technology, practices and innovative solutions that enable the core services of the Council.
We are committed to supporting a diverse workforce that reflects the communities we serve.
How your work would contribute to our organization and the Twin Cities region:
We are seeking a highly skilled and motivated Azure-focused DevSecOps Engineer to join our team to help us build secure, scalable, and efficient development environments.
In this DevSecOps role, you'll be responsible for safeguarding sensitive data by ensuring that all live data in non-production environments is obfuscated or anonymized. You'll implement encryption for data at rest and in transit using Azure's encryption services and enforce strict access controls with Azure AD and Azure Monitor. Additionally, you'll perform regular compliance checks, manage privileged access, and ensure that development environments adhere to PCI-DSS standards, maintaining robust data security and compliance across the organization.
Full Salary Range: $42.79 - $69.41 hourly/$89,003 - $144,373 annually
This position is eligible for a hybrid (both remote and onsite) telework arrangement. Candidate's permanent residence must be in Minnesota or Wisconsin.
What you would do in this job
Architect and Implement Secure Development Environments:
Design, implement, and manage secure, scalable development environments on Azure.
Develop and enforce security best practices in the development lifecycle, specifically within Azure services.
Ensure compliance with industry standards and regulations, leveraging Azure Policy and Azure Blueprints.
Container Development Best Practices:
Develop and maintain containerization strategies using tools like Docker and Kubernetes within Azure Kubernetes Service (AKS).
Implement container security best practices, utilizing Azure Security Center and Azure Defender for Containers.
Automate container deployment and management processes using Azure DevOps and AKS.
Ensure containers do not run with root or local admin privileges and that minimal permissions are granted.
Regularly update and patch container images to mitigate vulnerabilities.
Infrastructure as Code (IaC):
Develop and maintain infrastructure as code using tools like Terraform, Ansible, or Azure Resource Manager (ARM) templates.
Ensure IaC scripts are secure, scalable, and maintainable, leveraging Azure DevOps for CI/CD pipelines.
Collaborate with development and operations teams to automate infrastructure provisioning and management on Azure.
Secure Development and Testing Provisions:
Provide developers with secure environments to build and test applications on Azure.
Implement tools and processes that enable secure development without local admin rights, using Azure AD and Azure RBAC.
Conduct regular security assessments and audits using Azure Security center to ensure a secure development environment.
Obfuscate live data used in development and testing environments to prevent unauthorized access to sensitive information.
Use Azure Key Vault and privileged access management (PAM) tools to manage secrets, keys, and certificates securely.
Data Security and Compliance:
Ensure all live data used in non-production environments is obfuscated or anonymized to protect sensitive information.
Implement data encryption at rest and in transit using Azure's encryption services.
Maintain strict access controls and monitor access to sensitive data, leveraging Azure AD and Azure Monitor.
Perform regular compliance checks and audits to ensure adherence to data protection regulations and internal policies.
Implement and manage privileged access management (PAM) solutions to control and monitor elevated access rights across the environment.
Ensure development methodologies and environments maintain PCI-DSS compliance.
What education and experience are required for this job (minimum qualifications)
Any of the following combinations of education (in Systems Security or related) and experience in the design, installation, operation, and troubleshooting of wired and wireless network equipment and related infrastructure:
Bachelor's degree and 5 years of experience.
Associate's degree and 7 years of experience.
High school diploma/GED and 9 years of experience.
Relevant experience includes:
Architecting and implementing secure development environments.
Container development and orchestration using Docker and Kubernetes.
Infrastructure as code (IaC) tools such as Terraform, Ansible, or Azure Resource Manager (ARM) templates.
CI/CD pipelines and tools like Azure DevOps, Jenkins, or GitLab CI.
Security best practices in software development and infrastructure management, particularly within the Azure ecosystem.
Azure cloud services, including Azure Active Directory, Azure Security Center, and Azure Key Vault.
What additional skills and experience would be helpful in this job (desired qualifications):
Relevant certifications such as Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer, or similar.
Experience with monitoring and logging tools like Prometheus, Grafana, or ELK Stack.
Knowledge of compliance frameworks such as GDPR, HIPAA, or PCI-DSS.
Excellent problem-solving skills and the ability to work independently as well as collaboratively.
Strong communication skills and the ability to explain complex technical concepts to non-technical stakeholders.
Ability to work and collaborate with teammates and stakeholders with diverse viewpoints and backgrounds.
What knowledge, skills, and abilities you should have within the first six months on the job:
- Knowledge of Metropolitan Council policies and procedures.
What you can expect from us:
We offer the opportunity to make a difference and positively influence the Twin Cities metropolitan area.
We encourage our employees to develop their skills through on-site training and tuition reimbursement.
We provide a competitive salary, excellent benefits and a good work/life balance.
More about why you should join us! (http://metrocouncil.org/Employment/Making-A-Difference.aspx)
Additional information
Union/Grade: AFSCME/Grade I
FLSA Status: Exempt
Safety Sensitive: No
Work Environment:
Work is performed in a standard office setting. May require travel between primary worksite and various locations on short notice to resolve computer system problems.
If you are new to the Metropolitan Council, you must pass a drug test (safety sensitive positions only), and a background check which verifies education, employment, and criminal history. A driving record check and/or physical may be conducted if applicable to the job. If you have a criminal conviction, you do not automatically fail. The Metropolitan Council considers felony, gross misdemeanor and misdemeanor convictions on a case-by-case basis, based on whether they are related to the job and whether the candidate has demonstrated adequate rehabilitation.
If you are already an employee of the Metropolitan Council, you must pass a drug test (if moving from a non-safety sensitive position to a safety sensitive position) and criminal background check if the job you're applying for is safety sensitive, is a supervisory or management job, is in the Finance, Information Services, Audit, or Human Resources departments, or has access to financial records, files/databases, cash, vouchers or transit fare cards. A driving record check and/or physical may be conducted if applicable to the position.
Security Policy:
This position involves direct access to Criminal Justice Information (CJI) as defined by the FBI CJIS (Criminal Justice Information Services) Security Policy. In accordance with section 5.12.1.1 of the FBI CJIS Security Policy, final candidates if applicable must be willing to submit to a state of residence and national fingerprint-based record check. If the result of the record check reveals criminal convictions, the nature and circumstances of those convictions will be reviewed by the Metropolitan Transit Police Department and/or the Minnesota Bureau of Criminal Apprehension to determine if access to Criminal Justice Information would be permissible. If it is determined that access to Criminal Justice Information would not be permissible, the candidate will no longer be eligible for this position.
IMPORTANT: If you make a false statement or withhold information, you may be barred from job consideration.
The Metropolitan Council is an Equal Opportunity, Affirmative Action, and veteran-friendly employer. The Council is committed to a workforce that reflects the diversity of the region and strongly encourages persons of color, members of the LGBTQ community, individuals with disabilities, women, and veterans to apply.
If you have a disability that requires accommodation during the selection process, please email HR-OCCHealth@metc.state.mn.us.
We believe our employees are a key to our agency's success! In order to attract and retain high quality employees, the Council provides a highly competitive benefits package both in choice and coverage levels. Some highlights about our benefits are listed below:
Guaranteed monthly retirement income through Minnesota State Retirement System pension fund
Opportunity to save additional funds for retirement on a tax-deferred basis through a voluntary deferred compensation (457) plan
Two or more medical plans from which to choose, with employer contribution towards premiums over 80%
Dental insurance, life insurance and vision insurance
The following benefits are provided to all employees as part of working for the Council. You will have access to free:
Well@Work clinic
bus/rail pass valued at over $1200 per year
parking at many job locations
fitness centers at many job locations
Employee Assistance Program
extensive health and wellness programs and resources
01
Applicant Instructions: It is important thatyour application shows all relevant education and experienceyou possess. The supplemental questions listed below are to further evaluate your education and experience and to determine your eligibility for this position. Answer each question completely, and please do not type "see resume" otherwise your application will be considered incomplete, and you will not receive further consideration for this position. The experience you indicate in your responses should also be consistent with the Work History section of this application. If you attach a resume and/or cover letter to your application, it will be reviewed at the education and experience review step. I have read and understand the above instructions regarding my application and supplemental questions.
Yes
No
02
How did youfirsthear about this job opening?
CareerForce Center
Community Event/Organization
Employee Referral
Facebook
Glassdoor
Indeed
Job Fair
LinkedIn
Metro Transit Bus Advertisement
Twitter
Website: governmentjobs.com
Website: metrocouncil.org
Website: metrotransit.org
Website: minnesotajobnetwork.com
Other
03
If you selected 'Other', please describe where you first heard about this job. if you selected 'Employee Referral' please enter the employee's first and last name, ID number (if known), and job title. Type N/A if not applicable.
04
Please select the option that best represents your highest level of related education and experience:
Bachelor's degree in a related field and 5 or more years of related experience.
Associate's degree in a related field and 7 or more years of related experience.
High school diploma/GED and 9 or more years of related experience.
Other/None of the above.
05
If you have a degree, please indicate the type of degree and field of study (e.g. "Associate's degree in Computer Science"). If this does not apply, enter "N/A."
06
Please indicate areas in which you have professional experience (select all that apply).
Architecting and implementing secure development environments.
Container development and orchestration using Docker and Kubernetes.
Infrastructure as code (IaC) tools such as Terraform, Ansible, or Azure Resource Manager (ARM) templates.
CI/CD pipelines and tools like Azure DevOps, Jenkins, or GitLab CI.
Security best practices in software development and infrastructure management, particularly within the Azure ecosystem.
Azure cloud services, including Azure Active Directory, Azure Security Center, and Azure Key Vault.
Monitoring and logging tools like Prometheus, Grafana, or ELK Stack.
Compliance frameworks such as GDPR, HIPAA, or PCI-DSS.
None of the above.
07
Please list any relevant certifications (e.g. Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer). If this does not apply, enter "N/A."
08
Please briefly describe your experience working and collaborating with teammates and stakeholders with diverse viewpoints and backgrounds.
Required Question
Agency
Metropolitan Council
Address
390 Robert St. N.St. Paul, Minnesota, 55101
Website
https://metrocouncil.org
Apply
Please verify your email addressVerify Email