DevSecOps Engineer (Senior)

About The Position

Requirements

• Twelve (12) years of experience to include three (3) of the following areas: Systems or Software: Requirements, Design, Development, Verification and Validation/Test & Evaluation, Integration, Build & Deployment; Systems Administration, Information Assurance, Business Analysis, Integrated Development Environment tools and Online & End-User Documentation for C4ISR systems or other federal agency IT Systems. This individual shall specify required experience through training and work.
• Note: Experience may be concurrent.
• US Citizenship Required.
• Most Hold Active DoD Secret Clearance or Interim to Qualify (Favorable T3 Equivalent Background Investigation).
• Must have DoD8570 compliant certifications (Sec+ and OS) to meet requirements for privileged access to MIP.
• Valid CompTIA Security+ or equivalent certification (Minimum: DoD 8570.1-M IAT Level II), or ability to obtain within a reasonable timeframe.
• High School diploma or GED. Technical Training in Information Technology (IT) or Software Application Development.
• Minimum of 2+ years’ related IT experience should include DevOps/DevSecOps Engineering, CI/CD, Build & Release, SRE, Operations Engineering, Systems Integration Engineering, and/or Cloud Administration.
• Prior experience evaluating/assessing systems in Government Cloud environments using DevSecOps principals with Continuous Security.
• Must have a strong understanding of Infrastructure as Code and preferably hands-on experience with Terraform, AWS Cloud-Formation, or similar.
• Must have experience with Docker and Rancher or Kubernetes, OpenShift, Fargate, or similar container orchestration tool(s).
• Must have experience in infrastructure automation and DevOps integration.
• Must have experience in developing and managing Continuous Integration and Continuous Delivery environments.
• Minimum Clearance Requirements: Minimum of an Active Interim Secret Clearance (DoD) / Favorable T3 Equivalent Background Investigation

Nice To Haves

• Hands-on experience with the following: Jenkins, GitLab, HashiCorp Vault, Argo CD, Red Hat Enterprise Linux, Amazon EKS
• A strong understanding and background with DISA STIGS

Responsibilities

• Leads Technical Platform Team/CICD pipelines implementation and sustainment.
• Develops GitLab CI/CD Pipelines
• Automates configurations within Kubernetes
• Supports cloud networking and routing for DNS, TLS, and Ingress/Egress
• Maintains and Hardens Base Images
• Within Cloud Environments, support the development and documentation of risk assessment results and recommendations using identified threats, applicable vulnerabilities, and likelihood of occurrence within context of risk tolerances, providing recommendations for corrective actions and mitigation strategies.
• Provide automated and manual validations of Information Assurance Controls (IACs) and Validation Procedures (VPs) in accordance with the DoD Guidelines, CNSSI 1253 and/or NIST 800 Publications.
• Perform validation, troubleshooting, and documentation for DevSecOps engineering efforts.
• Document processes and services for use by cloud application development teams.
• Participates in Agile process to develop tasking, describe technical solutions, and test deployed systems.
• Research problems discovered by quality reviews and develops solutions.
• Leverages scripting and other automation tasks to manage infrastructure.
• Provides inputs to technical assessments related to the cost, efficiency, and security posture of a system.
• Develops system infrastructure testing procedures, programming, and documentation.
• Identifies creative solutions to improve system and product offerings.
• Collaborates with technical writers to create customer-relevant documentation.
• Coordinates with project work teams to ensure adherence to policies, achievement of quality targets and delivery on schedule milestones.