DevSecOps Engineer

About The Position

Requirements

• U.S. Citizenship or Permanent Residence Status
• Public Trust Tier 2 background investigation
• FBI criminal checks and fingerprinting
• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related discipline (or equivalent experience)
• 5+ years of DevSecOps, Cloud Engineering, or Infrastructure Automation experience
• Hands-on experience with Terraform and OpenTofu, including module development, remote state management, and workspace management
• Proficiency with Ansible, including playbook and role development, dynamic inventories, and Ansible Vault for secrets management
• Demonstrated experience designing and maintaining GitHub Actions workflows, including reusable workflows, matrix builds, and security gate integration
• Working knowledge of Docker image authoring and hardening, Kubernetes manifest and Helm chart management, and container security scanning tools (e.g., Trivy, Grype, or equivalent)
• Familiarity with SAST tools (e.g., Semgrep, Checkov, tfsec), secrets scanning (e.g., Gitleaks, Detect-Secrets), and policy-as-code frameworks (e.g., OPA/Rego)
• Proficiency with Git-based workflows including branching strategies, pull request reviews, and protected branch enforcement
• Terraform/OpenTofu
• Ansible
• GitHub Actions
• Docker
• Kubernetes
• Git-based development workflows
• SAST tools
• Secrets scanning
• Policy-as-code frameworks
• DAST tools
• AWS
• Python and/or Bash

Nice To Haves

• Experience in a federal or highly regulated environment
• Familiarity with NIST SP 800-53, FISMA, and FedRAMP compliance requirements
• Cloud platform experience (AWS)
• Experience with secrets management tools (e.g., HashiCorp Vault)
• Scripting proficiency in Python and Bash

Responsibilities

• Infrastructure as Code (Terraform/OpenTofu): Maintain and enhance existing Terraform and OpenTofu environments, develop reusable infrastructure modules, manage state files and remote backends, execute infrastructure deployments through approved change control processes, and refactor legacy infrastructure code to current standards.
• Configuration as Code (Ansible): Develop and maintain Ansible playbooks and roles, automate server configuration and application deployment, support patch management and compliance enforcement, and maintain inventory and configuration documentation.
• CI/CD Engineering (GitHub Actions): Develop and maintain GitHub Actions workflows, automate build, test, security scanning, and deployment processes, implement SAST, dependency scanning, secrets detection, and policy-as-code controls, and support code review and release management processes.
• Containerization & Kubernetes: Develop and maintain Dockerfiles, support Kubernetes deployments and orchestration, manage manifests, Helm charts, namespaces, and RBAC configurations, perform container vulnerability scanning and remediation, and support cluster monitoring and troubleshooting.
• Security Integration & Compliance: Integrate security controls throughout CI/CD pipelines, support vulnerability management and remediation efforts, assist with compliance, audit, and security assessment activities, and maintain technical documentation and operational runbooks.