DevSecOps Engineer

About The Position

Requirements

• Active security clearance; eligible for CSWF Level II designation
• Five or more years of experience with DevSecOps principles, including experience supporting Agile, Scrum, or Extreme Programming development teams
• Linux certification such as CompTIA Linux+, RHCSA, or equivalent experience
• Linux system administration background is required
• One or more years of experience with CI/CD pipeline workflow management, including Git, Bash, automation practices, GitOps workflows, and cloud-native application deployment
• Experience building, deploying, and maintaining applications on containerization platforms including Docker, Podman, Kubernetes, OpenShift, and Amazon EKS
• Hands-on experience deploying and operating applications in AWS and AWS GovCloud, including Kubernetes-based workloads, AWS networking, IAM-integrated services, storage, load balancing, and certificate management
• Experience administering Amazon EKS clusters, including namespaces, workloads, services, ingress resources, node pools, autoscaling, storage classes, persistent volumes, and application lifecycle management
• Experience with EKS Auto Mode / Karpenter-style node lifecycle management, including node disruption controls, maintenance windows, workload rescheduling, and cluster availability considerations
• Experience using OpenShift on AWS to manage application deployments, upgrades, route/ingress behavior, and full application lifecycles
• Experience deploying and maintaining production applications using Helm, Kubernetes manifests, Argo CD, External Secrets, ConfigMaps, Secrets, PersistentVolumeClaims, StatefulSets, Deployments, Services, Ingress, and ServiceAccounts
• Experience managing AWS-integrated Kubernetes ingress patterns, including AWS Load Balancer Controller, ALB/NLB configuration, path-based routing, TLS certificates, ACM certificates, DNS integration, and external-dns
• Experience supporting complex application networking across private AWS VPC networks, F5, ALB/NLB, internal DNS, public/private hostnames, NAT gateways, and controlled ingress/egress paths
• Experience configuring applications for secure outbound connectivity through AWS networking services, including NAT routing, SMTP relay access, and controlled egress through approved IP ranges
• Experience administering web server architectures, including Apache Tomcat on RHEL
• Experience with two or more of the following technologies: Git, Fortify, SonarQube, Chef, Docker, Podman, OpenShift, Kubernetes, Amazon EKS, Helm, Tekton, Argo CD, External Secrets, AWS Secrets Manager, AWS Load Balancer Controller, F5 APM
• Strong knowledge of Windows and RHEL administration, including troubleshooting, monitoring, patching, and maintaining Linux and Windows-based environments
• Familiarity with open-source tools and utilities used to manage, monitor, and troubleshoot Linux infrastructure, Kubernetes platforms, container workloads, and networks
• Five or more years of experience administering servers, backup operations, and system monitoring in multiple complex network server environments
• Experience deploying and operating enterprise DevSecOps applications in Kubernetes/EKS environments, including Artifactory, Keycloak, Grafana, Graylog, n8n, SonarQube, Fortify, Coverity, BDBA, SRM/CodeDx, and related platform services
• Experience with centralized logging and monitoring for Kubernetes workloads, including Filebeat/Beats, Graylog, application logs, node logs, Kubernetes metadata, pipelines, streams, and search/index configuration.
• Experience with automation tools such as PowerShell, Ansible, Bash, n8n, and ScriptRunner
• Two or more years of experience with identity and access management platforms, including Keycloak, SAML, OIDC, CAC/PIV authentication, DoD certificate-based authentication, multi-factor authentication, security policies, and zero-trust design concepts
• Experience configuring secure application authentication and authorization using Keycloak, including realms, clients, identity providers, SAML/OIDC mappings, group claims, token lifespans, client secrets, TLS truststores, and certificate-based login flows
• Ability to troubleshoot complex production application issues across Kubernetes, AWS, Linux, networking, identity management, databases, logging platforms, and application-layer services
• Ability to work full time at the customer location in a secure area on classified systems

Nice To Haves

• Experience supporting DevSecOps platforms in DoD, classified, or highly regulated environments
• Hands-on experience operating applications in AWS GovCloud and private AWS network environments
• Experience with Amazon EKS, OpenShift, Kubernetes, Helm, GitOps, Argo CD, and cloud-native application lifecycle management
• Experience designing and supporting Kubernetes ingress and routing architectures using ALB, NLB, F5, DNS, TLS certificates, ACM, and external-dns
• Experience configuring and troubleshooting AWS networking components such as VPCs, subnets, route tables, NAT gateways, private DNS, controlled egress, and hybrid routing through enterprise network appliances
• Experience deploying stateful applications in Kubernetes using StatefulSets, PVCs, storage classes, volume expansion, backup/restore processes, and persistent storage troubleshooting
• Experience integrating applications with enterprise identity providers using SAML, OIDC, CAC/PIV, MFA, Keycloak, and DoD PKI certificates
• Experience with platform services such as Artifactory, Graylog, Grafana, Keycloak, n8n, SonarQube, Fortify, Coverity, BDBA, and SRM/CodeDx
• Experience creating automation workflows for user provisioning, application maintenance, Keycloak administration, webhook processing, and operational support
• Experience with centralized logging, log enrichment, Kubernetes metadata parsing, Graylog streams, Graylog pipelines, and operational dashboards
• Experience managing application secrets using AWS Secrets Manager, External Secrets Operator, Kubernetes Secrets, and GitOps-safe deployment patterns
• Experience with TLS, truststores, Java keystores, internal certificate authorities, SMTP integration, and secure application-to-application communication
• Experience troubleshooting production issues using Kubernetes/OpenShift CLI tools, pod logs, exec sessions, health endpoints, network tests, application logs, and database connectivity checks
• Experience supporting secure application hosting, reverse proxies, load balancers, certificates, and F5/APM integrations

Responsibilities

• Ensuring system platform supports developer software tools for DoD and IC community and that developer pipeline tools are functioning and communicating in accordance with Federal, Department of Defense (DoD), and Intelligence Community (IC) policy
• Performing system administration for enterprise software applications on a regular upgrade cycle, ensure DoD users have availability for development software tools and workflow apps in a DevSecOps pipeline
• Developing and assisting design of the security interfaces, security interconnections, and the trust relationship between system components and external systems
• Implementing system security designs using commercial-off-the-shelf (COTS), government-off-the-shelf (GOTS), and open-source hardware and software
• Overseeing the hardening and configuration systems and system components in accordance with various Federal, DoD, and IC guidance
• Managing security assessments of systems and system components using industry standard automated vulnerability scanning tools
• Coordinating with cyber on security assessments to identify security control failures and recommend corrective actions

Benefits

• medical
• dental
• vision
• 401(k) with a company match
• life insurance
• vacation and sick paid time off accruals starting at 10 days of vacation and 5 days of sick leave annually
• 11 paid holidays
• tuition reimbursement