Devsecops Senior Cloud Security Engineer

Costar Group, Inc. Washington , DC 20319

Posted 2 months ago

DevSecOps Senior Cloud Security Engineer

Job Description

DevSecOps Senior Cloud Security Engineer

CoStar Group, Inc. (NASDAQ

  • CSGP) ( is commercial real estate's leading provider of information and analytic services.

Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of commercial real estate information. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availabilities.

Headquartered in Washington, DC, CoStar maintains offices throughout the U.S. and around the world with a staff of approximately 4,300 worldwide, including the industry's largest professional research organization.


Identify and implement security improvements across private and public clouds utilized in the delivery of CoStar's customer facing products and corporate applications. Implement secure practices, defense in-depth and monitoring and event response tool sets to handle growing threats in the cloud. Work closely with DevOps, DBAs, Systems, and Network engineers to refine and enforce security practices.


  • Bachelors in Computer Science or related Field

  • Relevant experience areas (deep expertise required in at least 3):

  • Engineering cloud security guard rails in AWS, Azure, or GCP

  • Cloud Security Posture Management (CSPM) tools

  • Security Monkey, CloudCheckr, Prisma Cloud, Cloud Conformity, AWS GuardDuty, AWS Config, DivvyCloud, etc.
  • Infrastructure as Code (IaC) - Ansible, Terraform, Chef, AWS Cloudformation, SaltStack, Puppet.

  • Scripting languages such as PowerShell, Python, GoLang, Ruby, etc.

  • Container and Kubernetes

  • Securing container images at rest, build, and runtime.
  • Cloud WAF - Akamai Kona, AWS WAF, Arbor, Prolexic, or similar tools.

  • Logging and SIEM Technologies

  • Cloud Native solutions such as CloudTrail, Cloudwatch, and VPC Flow logs. Other packaged SIEMs such as ElasticSearch, IBM QRadar, Azure Sentinel, Splunk, etc.
  • Key Management
  • Privileged account management solutions in the cloud for key management, service account and secrets management, rotation and event response, including tools such as Secret Server (Thycotic), Vault (HashiCorp), Cloud KMS, or similar tool set.
  • Experience in a development and operations role, implementing security through code development and infrastructure code reviews, establishing security ecosystems utilizing APIs and event driven security response.

  • Previous participation in bug-hunting, pen tests, vulnerability assessments

  • Cloud access security broker (CASB) or similar experience securing SaaS offerings such as O365, GoogleApps, and other cloud vendors.


  • Optional, but very relevant certifications: AWSCSA, OSCP, SANS/GIAC, CISSP, CISA, CISM, CEH, CCNA, CCNP, MCSE, MCP, MCTS, Security+, MCITP

Operational Responsibilities:Position requires participation in a 24x7 on-call rotation and off hour's maintenance windows


Founded in 1987, CoStar Group is the leading provider of commercial real estate information, analytics, and online marketplaces. Our suite of online services enables clients to analyze, interpret and gain unmatched insight on commercial property values, market conditions and current availability. Behind some of the most well-known brands in the industry, CoStar Group includes CoStar, the largest provider of CRE research and real-time data; LoopNet, the most heavily trafficked mobile and online real estate marketplace;, the premier rental home resource for renters, property managers and owners; STR, the leading provider of performance benchmarking and comparative analytics to the hotel industry; BizBuySell, the largest online marketplace for businesses-for-sales; and Lands of America, the leading operator of online marketplaces for rural real estate.

Headquartered in Washington, DC, CoStar Group maintains offices throughout the U.S. and in Europe, Canada, and Asia with a staff of over 4,300 worldwide.


Working at CoStar Group means you'll enjoy a culture of collaboration and innovation that attracts the best and brightest across a broad range of disciplines. In addition to generous compensation and performance-based incentives, you'll be supported in both your professional and academic growth with internal training, tuition reimbursement, and an inter-office exchange program.

Our benefits package includes (but is not limited to):

  • Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug

  • Life, legal, and supplementary insurance

  • Commuter and parking benefits

  • 401(K) retirement plan with matching contributions

  • Employee stock purchase plan

  • Paid time off

  • Tuition reimbursement

  • On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes, as well as Segways and bikes available for use during the day

  • Complimentary gourmet coffee, tea, hot chocolate, prepared foods, fresh fruit, and other healthy snacks

Be part of a team of professionals enjoying the opportunity to learn, do, and grow in a rewarding atmosphere. But don't just take our word for it -- see why our team chose to work at and stay at CoStar Group:

We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However, please note that CoStar is not able to provide visa sponsorship for this position.

CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Senior Cloud Engineer

General Dynamics Information Technology

Posted 6 days ago

VIEW JOBS 10/19/2020 12:00:00 AM 2021-01-17T00:00 Type of Requisition: Regular Clearance Level Must Currently Possess: None Clearance Level Must Be Able to Obtain: None Suitability: Agency Specific Public Trust/Other Required: Job Family: Cloud Job Description: The world of investing is fascinating yet complex. While hundreds of first -time investors are turning to the markets to help pay for their homes, send their children to college and secure their futures the mission of the Securities and Exchange Commission (SEC) is becoming all the more vital. GDIT is excited to support the SEC in as it seeks to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. The SEC ISS program is a comprehensive IT program charged with operating, managing, and advancing the SEC's IT infrastructure. Our dynamic program team of IT leaders and large and small business partners is seeking bright, energetic and talented individuals to join us as we bring our innovative IT Service Delivery solutions to SEC. Currently, we are seeking Sr Cloud Engineer in Washington, D.C. The selected candidate must a US Citizen and able to obtain a Public Trust Suitability clearance, per contract requirements. Responsibilities: * Deploy and configure cloud services according to best practice * Use system automation technologies such as chef, puppet, ansible or others to create standardized IT environments * Designs, plans, and integrates cloud computing and virtualization systems using infrastructure as code and modern cloud-native deployment techniques such as DevOps and/or DevSecOps. * Design , support Continuous Delivery * Work with Solution Architects to conduct proof of concepts (POCs) and assist in Production implementations * Assess existing application stacks and suggest cloud native services for applicability * Assess existing environments for opportunities to simply, automate or bring efficiency to technical processes * Develops automation scripts for efficient deployment and operations of cloud and virtualization systems. * Advanced troubleshooting including analyzing log & trace files, opening service requests, collecting documentation, working with Vendors, and driving problem resolution. Qualifications: * BA/BS engineering or related IT, System Engineering, or STEM degree (or an additional 4 years of related experience in lieu of degree) * 12+ years of experience in Systems Engineering or related * 3+ years of experience in Amazon Web Services (AWS) cloud architecture, operations, DevOps, or administration * Hands-on experience and knowledge of AWS services and standard, best practice configurations, including EC2, VPC, RDS, IAM, CloudFormation, Route53, CloudWatch, KMS, Redshift, S3 and Glacier, Kinesis * 2+ years of experience with cloud automation and scripting * 2+ years of experience creating deployment scripts (e.g., Puppet, Chef, Ansible) * 1+ years of experience with containers (e.g., Docker) * In depth understanding of Cloud Migration methodologies and best practices * Strong Linux (RHEL preferred) and scripting background for task automation. * Exposure to big data solutions in cloud environments. * Experience with documenting procedures * Deep knowledge of software deployment, versioning and release management processes * Experience working with and supporting software production server environments * 3+ years of experience in Agile practices * Experienced in Agile software development practices and tools, such as Atlassian JIRA * Strong interpersonal and communication skills (verbal and written) Scheduled Weekly Hours: 40 Travel Required: None Telecommuting Options: Telecommuting Not Allowed Work Location: USA DC Washington Additional Work Locations: Any Location / Remote We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class. General Dynamics Information Technology Washington DC

Devsecops Senior Cloud Security Engineer

Costar Group, Inc.