In this post, I provide my DevSecOps Engineer Resume as an example, and the tool I wield to make it competitive when applying to jobs.
Current DevSecOps Engineer Resume
I use a plain text-style resume when applying online to jobs because of the Applicant Tracking System (ATS), which is a piece of software that scans most people's resumes whenever they apply online.
The ATS often messes up when reading fancier resumes so I opt and advise others to use a simple plaintext resume with minimal formatting.
Anyways, here is my DevSecOps resume in all it's glory:
B.S. Computer Science, University of Houston - Main Campus, December 2018
Python, GO, Docker, Kubernetes, KubeBench, DockerBench, KubeHunter, KOPS, Helm, Terraform, Terragrunt, Anchore, Snyk, Veracode, Machine Learning
* Open Source Resume Scanning Project built in GoLang and Deployed on AWS
* Built a DevSecOps Pipeline through GitHub Actions to reduce likelihood of exploits making it to production
* Implemented a WAF to further protect web application
* Open Source repository that shows how to create a free DevSecOps Pipeline through GitHub Actions
* Added OWASP Dynamic Application Scanning
* Demonstrates a Dockerized GoLang application deployment to AWS ElasticBeanstalk
DevSecOps Engineer, HP, Inc., Houston, TX, 2018-2022
Terragrunt Infrastructure Pipeline
* Enabled 200+ developers to provision any piece of AWS infrastructure they needed 24/7 365 days a year
* Reduced infrastructure resource provisioning time from days to minutes
AWS WAF Implementation
* Increased AWS Web Application Firewall (WAF) on AWS Application Load Balancers (ALB) from 0% to 100% in production
* Innersourced the WAF into a Terragrunt template that is applied across hundreds of AWS ALB's
Compliance Reporting Platform
* Reduced report creation from one hour to automatically happening in seconds via Python Lambdas
* Helped secure SOC 2 and SOC 1 compliance as a result of 100% monthly reporting
Golden Amazon Machine Image
* Used Docker Bench to create a golden Amazon Machine Image (AMI)
* AMI is now the basis of 200+ Kubernetes Nodes
* AMI has Security Agents Built in to ensure compliance of SOC 2 and 1
Kubernetes Zero Downtime Upgrades
* Used Kubebench to determine which vulnerabilities existed in current version of Kubernetes cluster
* Upgraded Kubernetes Cluster version from 1.11 to 1.13 with zero downtime for CVE vulnerability patches
Gater - Gated Check In tool
* GoLang CLI that enabled smart code coverage check in on 300+ repositories
* Increased Code coverage from 10-60% on average
ADM - Automation of Repository Creation & Enforcement
* Created a GoLang CLI to enforce branch protection rules on 300+ repositories
* Branch protections increased by 51%
As you might be able to see a DevSecOps engineer is mostly about adding security features to a DevOps pipeline.
It's not much different than typical DevOps work in the idea of automation but it has finer things to think about.
Mainly integrating the Security tools isn't hard, but it is automatically interpreting the results and crafting actionable reports for devs and security to use that is.
In my experience, I've found GoLang to be great for building simple CLI tools to integrate into the pipeline(s) for reading the security tool's results and taking action.
Check out my articles about GoLang below: