The Moxxie portfolio is hiring!

Join these teams making life and work better

DevSecOps Consultant

Pesto Tech

Pesto Tech

Posted on Thursday, May 9, 2024
Position: DevSecOps Consultant
Duration: ~3-4 weeks (Part-time/Freelance Project)
Location: Remote
**Note: This position is with one of our hiring partners
Role Overview:
We are seeking a DevSecOps Consultant for a short-term project focused on hardening multiple Docker images to patch CVEs. The project involves securing approximately 10+ images by leveraging tools such as Trivy for image scanning and Chainguard or Copa for image patching. The ideal candidate will have strong expertise in Docker (or OCI format), image scanning, and patching tools, with familiarity in CI/CD workflow automation tools like Github Actions and Terraform being advantageous.

Key Responsibilities

  • Collaborate with the team to assess and identify vulnerabilities within Docker images.
  • Utilize image scanning tools such as Trivy to conduct thorough vulnerability assessments.
  • Develop and implement strategies to patch CVEs and harden Docker images.
  • Work closely with stakeholders to ensure compliance with security standards and best practices.
  • Document the process, including steps taken and recommendations for future security enhancements.
  • Provide guidance and support to the team on DevSecOps best practices and methodologies.

Required Skills and Experience:

  • Strong experience working with Docker (or OCI format) and containerization technologies.
  • Proficiency in image scanning tools like Trivy for vulnerability assessments.
  • Hands-on experience with image patching tools such as Chainguard or Copa.
  • Familiarity with CI/CD workflow automation tools, preferably Github Actions and Terraform.
  • Excellent problem-solving skills and attention to detail.
  • Ability to work independently and deliver results within tight deadlines.
  • Effective communication skills, both verbal and written.
  • Security certifications (e.g., Certified Kubernetes Security Specialist, Certified Docker Associate) are a plus.
About Pesto Tech:
Pesto is where software developers go to build their career path for the next 5 years. We don't just offer jobs; we provide unparalleled opportunities for your growth and success in the dynamic landscape of Tech Jobs.