DMI is seeking a mid-level DevSecOps Engineer to augment an existing engineering team supporting a federal agency client's hybrid cloud infrastructure. In this role, you will extend and mature established infrastructure automation, CI/CD pipeline capabilities, container orchestration, and security-hardened delivery practices within an active production environment — building on existing patterns rather than designing from scratch.

Duties and Responsibilities:

• Maintain, extend, and improve Terraform and OpenTofu codebases for provisioning and managing hybrid cloud infrastructure; manage state files and remote backends within approved change control processes
• Develop and maintain Ansible playbooks and roles to automate system configuration, compliance enforcement, patch management, and application deployment
• Build, maintain, and improve GitHub Actions workflows incorporating security gates, including SAST, dependency scanning, secrets detection, and policy-as-code validation
• Support containerized application delivery using Docker for image builds and Kubernetes for orchestration; manage Dockerfiles, Kubernetes manifests, Helm charts, and RBAC configuration
• Integrate security practices throughout the software delivery lifecycle, enforcing CIS benchmarks and supporting NIST SP 800-53 and FISMA compliance requirements
• Participate in stand-ups, sprint planning, and peer code reviews; maintain clear records of all changes to shared codebases and pipelines

Education and Years of Experience:  

• Bachelor's degree in Information Technology or a related field preferred
• Formal education requirements may be waived based on 4 years of relevant professional experience
• Hands-on experience with Terraform and/or OpenTofu, including module development, remote state management, and workspace management
• Proficiency with Ansible, including playbook and role development, dynamic inventories, and Ansible Vault for secrets management
• Demonstrated experience designing and maintaining GitHub Actions workflows, including reusable workflows and security gate integration 
• Working knowledge of Docker image authoring and hardening, Kubernetes manifest and Helm chart management, and container security scanning
• Familiarity with SAST tools (Semgrep, Checkov, tfsec), secrets scanning (Gitleaks, Detect-Secrets), and policy-as-code frameworks (OPA/Rego)
• Proficiency with Git-based workflows, including branching strategies, pull request reviews, and protected branch enforcement 

Required Skills & Certifications: 

• Experience in a federal or highly regulated environment
• Familiarity with NIST SP 800-53, FISMA, and FedRAMP compliance requirements 
• Cloud platform experience (AWS)
• Experience with secrets management tools such as HashiCorp Vault 
• Scripting proficiency in Python and Bash 

Background Requirements: Must possess or be eligible to obtain and complete a Public Trust background investigation and/or a Public Trust clearance.

• Public Trust Tier 2 clearance required.

Citizenship Status Required: Must be a U.S. Citizen

Physical Requirements: None required for this position.

Location: Remote, US