Cloud DevSecOps Engineer

Guidehouse•Tysons Corner, VA

10d•$149,000 - $248,000•Hybrid

About The Position

Design, implement, and maintain gated, test-driven CI/CD pipelines using Harness and AWS-native tools. Implementing infrastructure-as-code and configuration-as-code best practices to govern and automate cloud infrastructure and configuration for the application. Automate builds and deployments for backend microservices, React frontend, and APIs. Integrate automated testing, static code analysis, and security scanning tools. Manage deployments across multiple environments (Dev, Test, Staging, Prod) in AWS. Work with EKS (Kubernetes), ECS, and AWS API Gateway for cloud-native deployments. Hands-on configuration and administration of the application’s cloud components, including RDS, Lambda, and AWS API Gateway. Use GitHub Enterprise for source control, branch protection, and administering the team’s branching and builds. Integrate code and artifact scanning tools in the pipeline (SonarQube, Checkmarx, Prisma Cloud, and Sonatype Lifecycle) and automate scans. Configure and manage service accounts with least privilege access across tools. Use HashiCorp Vault (Nautilus) for credential management and access control. Ensure logging and monitoring (Splunk, CrowdStrike, Tenable Nessus, Flexera). Collaborate with developers and architects to align pipeline with system architecture. Implement application patching, release deployment, maintenance, while maintaining security best practices. Maintain compliance with USCIS DevSecOps policies and governance standards.

Requirements

U.S. Citizenship and ability to obtain a Public Trust clearance.
Bachelor's degree and Ten (10) years of relevant experience Or Master's degree and Eight (8) years of relevant experience.
Experience in DevOps and cloud engineering.
Strong experience with AWS services: Lambda, RDS, API Gateway, ECR.
Extensive experience with AWS EKS / Kubernetes administration.
Strong experience supporting teams developing containerized microservices.
Proficiency in CI/CD pipeline tools and scripting (Harness).
Strong experience with containerization and Kubernetes (EKS), deploying microservices.
Familiarity with automated testing and static analysis tools (SonarQube, Checkmarx).
Experience with artifact management (Nexus Repository, Sonatype Lifecycle).
Knowledge of credential management using HashiCorp Vault.
Strong understanding of Agile methodologies and feature branch workflows in Git.
Experience with gated releases and deployments, including into a production environment.
Ability to work independently and communicate effectively with technical teams.
Must be able to work at Guidehouse Tysons Office approximately 1 day per week and Client Office in Camp Springs, MD approximately 1-2 days a week.

Nice To Haves

Certifications (Not Required, but Common for Strong Candidates): AWS Certified DevOps Engineer - Professional AWS CloudOps Engineer AWS Certified Solutions Architect – Associate Certified Kubernetes Administrator (CKA) or KCA HashiCorp Certified: Vault Associate
Experience with Prisma Cloud container scanning
Familiarity with monitoring tools: Splunk, New Relic, Prometheus, Grafana
Exposure to security tools: CrowdStrike, Tenable Nessus, Flexera
Experience with service account management and RBAC in Kubernetes
Knowledge of infrastructure-as-code (Terraform, CloudFormation)
Prior experience in federal or regulated environments
Familiarity with JIRA or ServiceNow for ticketing and traceability

Responsibilities

Design, implement, and maintain gated, test-driven CI/CD pipelines using Harness and AWS-native tools.
Implementing infrastructure-as-code and configuration-as-code best practices to govern and automate cloud infrastructure and configuration for the application.
Automate builds and deployments for backend microservices, React frontend, and APIs.
Integrate automated testing, static code analysis, and security scanning tools.
Manage deployments across multiple environments (Dev, Test, Staging, Prod) in AWS.
Work with EKS (Kubernetes), ECS, and AWS API Gateway for cloud-native deployments.
Hands-on configuration and administration of the application’s cloud components, including RDS, Lambda, and AWS API Gateway.
Use GitHub Enterprise for source control, branch protection, and administering the team’s branching and builds.
Integrate code and artifact scanning tools in the pipeline (SonarQube, Checkmarx, Prisma Cloud, and Sonatype Lifecycle) and automate scans.
Configure and manage service accounts with least privilege access across tools.
Use HashiCorp Vault (Nautilus) for credential management and access control.
Ensure logging and monitoring (Splunk, CrowdStrike, Tenable Nessus, Flexera).
Collaborate with developers and architects to align pipeline with system architecture.
Implement application patching, release deployment, maintenance, while maintaining security best practices.
Maintain compliance with USCIS DevSecOps policies and governance standards.

Benefits

Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Parental Leave
401(k) Retirement Plan
Group Term Life and Travel Assistance
Voluntary Life and AD&D Insurance
Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
Transit and Parking Commuter Benefits
Short-Term & Long-Term Disability
Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Care.com annual membership
Employee Assistance Program
Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
Position may be eligible for a discretionary variable incentive bonus