Senior DevSecOps Engineer

T-Rex Solutions•Arlington, VA

5d•Remote

About The Position

T-Rex Solutions is seeking a Senior DevSecOps Engineer to support our FDIC customer. This role is primarily remote with potential for occasional meetings at FDIC HQ in Arlington, VA as needed.

Requirements

Bachelor's degree in Computer Science, Software Engineering, Computer Engineering, Information Systems, Cybersecurity, or a related technical field.
Minimum of 8 years of experience in software engineering, DevOps, DevSecOps, cloud engineering, cybersecurity engineering, or related disciplines.
Demonstrated experience implementing DevSecOps practices within enterprise environments, supporting complex application development and modernization initiatives.
Experience developing and maintaining CI/CD pipelines and deployment automation frameworks.
Experience integrating automated testing and security controls into software delivery processes.
Experience supporting hybrid cloud and on-premises environments.
Strong understanding of Agile software development methodologies.
Extensive experience with DevSecOps tools, automation frameworks, and software delivery platforms.
Strong knowledge of Microsoft Azure
Experience with the following toolset: GitHub Enterprise Server/Cloud, JFrog Artifactory, JFrog Xray, SonarQube, GitHub Advanced Security, GitHub Copilot, and Subject7
Knowledge of containerization and infrastructure technologies including Azure Kubernetes Services (AKS), Virtual Machines, Application Gate Way, App Services, Key Vaults, ServiceNow, CyberArk, and Terraform
Proficiency in one or more modern programming and scripting languages such as Java, C#, Python
Experience with source code repositories, version control systems, and artifact management platforms.
Strong understanding of: Zero Trust Architecture, Application Security (AppSec), NIST 800-53 security controls, Continuous Monitoring, Logging and Audit Requirements (M-21-31)
Knowledge of enterprise testing frameworks and automated quality assurance practices.
Strong written and verbal communication skills with demonstrated experience briefing senior-level personnel.
Experience supporting Continuous Authority to Operate (ATO) initiatives.
Ability to obtain and maintain a Public Trust, suitability determination, or other clearance level required.

Nice To Haves

Certified Kubernetes Administrator (CKA)
Certified Kubernetes Security Specialist (CKS)
Microsoft Azure DevOps Engineer Expert
Microsoft Azure Solutions Architect Expert
DevSecOps Foundation or equivalent certification

Responsibilities

Design, develop, implement, and maintain enterprise DevSecOps solutions that integrate development, security, testing, and operations capabilities.
Build and optimize CI/CD pipelines that support automated software builds, testing, security scanning, deployment, and release management.
Support software development teams by integrating security, compliance, and quality controls throughout the SDLC.
Develop and maintain Infrastructure as Code (IaC) solutions to automate provisioning, configuration, and management of cloud and on-premises infrastructure.
Implement automated deployment and configuration management processes to improve consistency, reliability, and scalability.
Participate in the design, configuration, testing, administration, and monitoring of enterprise DevSecOps toolchains.
Research, evaluate, and recommend emerging DevSecOps technologies, tools, frameworks, and best practices.
Embed security controls and compliance requirements into all phases of the SDLC.
Integrate and maintain application security tools and processes, including: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container and image scanning, Secret detection and credential management, Infrastructure security scanning, and Fuzz testing.
Support implementation of Zero Trust security principles across development and operational environments.
Ensure compliance with federal cybersecurity requirements and security engineering best practices.
Assist with vulnerability identification, remediation planning, risk mitigation, and security reporting.
Support audit readiness activities and compliance documentation requirements.
Develop and lead enterprise testing automation strategies integrated within DevSecOps pipelines.
Implement automated functional, integration, regression, performance, load, and security testing capabilities.
Enable self-service testing capabilities for product teams and development organizations.
Establish and maintain testing frameworks, automation standards, and quality assurance processes.
Define and implement test coverage metrics, quality gates, pass/fail criteria, and release readiness requirements.
Champion shift-left testing practices by integrating validation and testing activities early in the SDLC.
Promote continuous improvement of test plans, test data management processes, and automated testing frameworks.
Ensure traceability between requirements, work items, source code, test cases, vulnerabilities, risk mitigation activities, and releases.
Analyze and report testing outcomes, quality trends, vulnerabilities, and performance metrics to stakeholders and leadership.
Provide technical leadership and mentorship to software engineers, DevSecOps practitioners, testers, and operations personnel.
Serve as a subject matter expert for DevSecOps methodologies, toolchains, automation frameworks, and software engineering best practices.
Support architecture reviews, design discussions, technical evaluations, and modernization initiatives.
Collaborate with Solution Architects, Security Architects, Product Owners, and technical teams to ensure alignment with organizational goals.