DevSecOps Engineer

About The Position

Requirements

• 5+ years of hands-on experience in DevOps/DevSecOps roles.
• 3+ years of experience designing and managing GitLab CI/CD pipelines at scale (GitLab SaaS or self-managed).
• Demonstrated experience supporting federal or public sector programs (civilian, DoD, or health agencies) with understanding of federal security expectations.
• Strong experience with:
• CI/CD tools: GitLab CI, runners, GitLab registry.
• Languages / frameworks: at least one of Python, Java, JavaScript/TypeScript, .NET, Go.
• Containers & orchestration: Docker, Kubernetes (EKS/AKS/GKE or on-prem equivalents).
• Infrastructure-as-Code: Terraform and/or Ansible (or equivalent).
• Security tooling: SAST, DAST, SCA, container image scanning, secrets scanning.
• Hands-on experience deploying to cloud environments (AWS, Azure, GCP) and/or federal on-prem/private cloud environments.
• Familiarity with NIST, FedRAMP, Zero Trust , and common federal security control families (access control, configuration management, incident response, audit & accountability).
• Strong scripting and automation skills (Bash, Python, or similar).
• Excellent communication skills with the ability to explain complex technical concepts to non-technical stakeholders.
• Must be a U.S. Citizen and able to obtain a public trust clearance.

Nice To Haves

• Prior experience working directly with HHS, NIH, CMS, ACF, DoD, or similar federal agencies.
• Experience supporting ATO processes, security assessments, and remediation of audit findings.
• Hands-on experience integrating GitLab with:
• Issue tracking (Jira, GitLab issues)
• Artifact repositories (GitLab registry, Nexus, Artifactory)
• SIEM / logging platforms (e.g., Splunk, ELK/Opensearch, CloudWatch, Sentinel).
• Experience implementing Zero Trust aligned architectures for CI/CD and runtime environments.
• Certifications (nice to have, not required):
• DevOps / Cloud: AWS/Azure/GCP Associate or Professional-level, Kubernetes (CKA/CKAD).
• Security: Security+, CISSP, CSSLP, or equivalent.
• GitLab: GitLab Certified Associate / Professional (if applicable).

Responsibilities

• CI/CD Pipeline Engineering (GitLab-focused)
• Design, build, and maintain GitLab CI/CD pipelines for multiple applications and services (microservices, APIs, infrastructure-as-code).
• Implement standardized pipeline templates and reusable jobs to support consistent delivery across programs.
• Integrate automated build, test, security scanning, and deployment steps into GitLab pipelines.
• Optimize pipeline performance (caching, parallelization, artifact management) to reduce build and deploy times.
• DevSecOps & Automation
• Embed security controls early and continuously in the pipeline (SAST, DAST, SCA, container scanning, IaC scanning).
• Automate compliance checks, policy-as-code, and configuration drift detection.
• Implement and support infrastructure-as-code (IaC) solutions (Terraform, Ansible, CloudFormation, etc.) to provision and manage cloud and on-prem environments.
• Integrate CI/CD with monitoring, logging, and alerting tools to provide full visibility across the delivery pipeline.
• Federal Environment & Compliance
• Design and operate pipelines aligned with federal security and compliance requirements (e.g., FISMA, NIST 800-53, FedRAMP, Zero Trust principles).
• Work with ISSOs, AO teams, and security/compliance stakeholders to provide pipeline and environment documentation supporting ATO packages.
• Ensure secure configuration of build agents, runners, secrets management, and artifact repositories in compliance with agency policies.
• Collaboration & Technical Leadership
• Partner with development teams to define branching strategies, code review workflows, and release management practices in GitLab.
• Collaborate with cybersecurity teams to respond to vulnerabilities, findings, and audits, and to implement remediations in code and pipelines.
• Provide guidance, documentation, and training to engineers and stakeholders on DevSecOps best practices and GitLab usage.
• Contribute to and enforce standards for coding, configuration management, and deployment processes.

Benefits

• 401(k) matching
• Competitive salary
• Health insurance
• Paid time off