DevSecOps Engineer II

About The Position

Requirements

• B.S. in Computer Science, or similar degree with 3+ years of relevant experience
• Proven experience as a Software Developer, DevOps Engineer, or similar role, preferably in a federal or government contracting environment. Experience in line with the following:
• CI/CD pipelines to automate application build, test and deployment processes
• Implementation, Monitoring, Analysis, closure, and verification of Security Technical Implementation Guide (STIG) findings
• Container orchestration and other container tools such as Kubernetes, OpenShift, Docker, Helm charts
• Experience with Infrastructure as Code and infrastructure testing strategies (using Terraform)
• Experience with DevOps Automation platforms for Continuous Integration and Continuous Deployment (CI/CD) like Harness, Jenkins, and Gitlab
• Experience with Static Application Security Testing (SAST) Tools such as Fortify, SonarQube, and XRAY
• Experience with Dynamic Application Security Testing (DAST) tools like OWASP ZAP
• Experience in Site Reliability Engineering (SRE)
• Experience containerizing applications using OCI-compliant tools (Docker, Buildah, apko, etc).
• Must possess demonstrated experience with securing containerized environments
• Must be highly proficient with Linux
• Must be proficient with Bash, Python, or similar scripting
• Experience and understanding of the entire Software Development Lifecycle (SDLC)
• Strong software development experience working in an Agile Scrum environment
• Experience with systems reliability, load balancing, monitoring, logging
• Familiarity with Agile/Scrum development methodologies and experience working within an Agile team.
• Excellent communication and collaboration skills, with the ability to effectively interface with technical and non-technical stakeholders.
• Security Clearance: Must be able to provide proof of US Citizenship and have or are able to attain a Government Agency Suitability Clearance.

Nice To Haves

• Prior experience with cyber, information, or application security tools such as: Twistlock/Prism Cloud Compute, SonarQube, Splunk, etc.
• Hands-on programming experience with Groovy, Python, Springboot Java, and Javascript.
• Experience with DevSecOps
• Familiarity with AWS databases, IAM management, and VPC configuration
• Understanding of Everything as Code

Responsibilities

• Design, Develop, maintain, and secure continuous integration (CI) and continuous delivery (CD) solutions in various orchestrator tooling
• Directly support the analysis, closure, and verification of Security Technical Implementation Guide (STIG) findings
• Design, develop, and implement a scalable and secure DevSecOps infrastructure, including CI/CD pipelines, version control systems, and automated testing frameworks
• Implement automated deployment and configuration management processes and containerization technologies (e.g., Docker, Kubernetes)
• Develop and enforce best practices and standards for code quality, application security, and performance optimization, ensuring adherence to federal guidelines and compliance requirements
• Collaborate with cybersecurity personnel to identify and implement appropriate security controls, automated security scans, and vulnerability assessments throughout the software development lifecycle
• Update software development processes and procedures where necessary
• Support updates to unit and integration tests and pipelines corresponding to software updates
• Assist in establishing, developing, and maintaining the platform and infrastructure environment necessary to host the application for development, test, and stage
• Design, Develop, maintain, and secure OCI-compliant container solutions for Kubernetes environments
• Develop Infrastructure as Code (IaC) to build and configure high performing, scalable, secure cloud-based infrastructure
• Support the deployment of microservices to cloud or on-prem hosted Kubernetes environments
• Support the development of new code, updates, including security updates, and fixes to software applications following the SCRUM software development process