Koniag Government Services

DevSecOps Engineer

Koniag Government Services$100K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, Software Engineering, IT, Cybersecurity, or related field; OR equivalent experience.
  • 4-6 years in software engineering, DevOps/DevSecOps with specific CI/CD pipeline experience.
  • Hands-on experience with CI/CD tools like Jenkins, GitLab CI/CD, or GitHub Actions.
  • Experience with security tools in CI/CD pipelines including SAST, DAST, and container scanning solutions.
  • Relevant certification such as CompTIA Security+, CKA, or AWS Certified Developer.

Responsibilities

  • Design and maintain automated, secure CI/CD pipelines for SBA.
  • Integrate security tools into CI/CD to manage vulnerabilities throughout the SDLC.
  • Implement infrastructure as code (IaC) practices for automated provisioning.
  • Collaborate with teams to enforce DevSecOps standards and quality gates.
  • Support containerization and orchestration of applications while ensuring security compliance.
  • Monitor CI/CD pipelines to enhance performance and security measures.
  • Assist in planning cloud migration initiatives focusing on security.

Benefits

  • Health, dental and vision insurance offerings.
  • 401K plan with company matching contributions.
  • Flexible spending accounts for pre-tax health expenses.
  • Generous holiday schedule and three weeks of paid time off.
Full Job Description
Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a DevSecOps Engineer to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced DevSecOps Engineer to support the implementation, operation, and continuous improvement of DevSecOps practices, pipelines, and tools in support of the U.S. Small Business Administration (SBA). The ideal candidate is a mid to senior-level engineering professional with solid hands-on experience in DevSecOps methodologies, CI/CD pipeline development, security automation, and cloud technologies, and a demonstrated ability to integrate security practices into software development and operations workflows within a federal government environment. This individual will play a key role in building, maintaining, and improving SBA's DevSecOps capabilities, contributing to the secure and efficient delivery of software and infrastructure solutions that support SBA's mission and operational objectives.

The DevSecOps Engineer will support the design, implementation, operation, and continuous improvement of DevSecOps pipelines, tools, and practices at the SBA, working closely with development teams, security teams, operations staff, and program managers to integrate security throughout the software development lifecycle and enable the reliable, secure delivery of software and infrastructure solutions in support of SBA's mission.

Principal responsibilities will include but are not limited to:
  • Design, build, implement, and maintain CI/CD pipelines and DevSecOps toolchain components for SBA, ensuring pipelines are automated, secure, and aligned with SBA's software delivery requirements and security policies.
  • Integrate security tools and automation into CI/CD pipelines including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), container security scanning, and infrastructure as code (IaC) security scanning to support the continuous identification and remediation of security vulnerabilities throughout the SDLC.
  • Implement and maintain infrastructure as code (IaC) practices and tools to support automated, repeatable, and auditable provisioning and management of SBA's IT infrastructure and cloud environments.
  • Collaborate with SBA's development, security, and operations teams to implement and enforce DevSecOps standards, coding best practices, security requirements, and quality gates within CI/CD pipelines.
  • Support the containerization and orchestration of SBA applications, ensuring container images are properly secured, scanned, and managed in accordance with SBA security requirements and federal guidelines.
  • Monitor and analyze the performance, reliability, and security of CI/CD pipelines and DevSecOps toolchain components, identifying and implementing improvements to enhance pipeline efficiency and overall effectiveness.
  • Support the planning and execution of cloud migration and modernization initiatives, applying DevSecOps principles and practices to support the secure migration of SBA workloads to cloud environments.
  • Develop and maintain DevSecOps documentation including pipeline configurations, technical runbooks, architecture documentation, and standard operating procedures to support SBA's DevSecOps program.
  • Collaborate with SBA's ISSO and security teams to ensure DevSecOps pipelines and practices support the maintenance of system Authorization to Operate (ATO) requirements, including supporting the automation of security control testing and evidence collection activities.
  • Participate in code reviews, architecture reviews, and security reviews for pipeline components and infrastructure as code artifacts, ensuring they meet SBA's quality and security standards.
  • Support the implementation and management of source code management practices, repository security configurations, and branching strategies to ensure the integrity and security of SBA's software development environment.
  • Assist in the evaluation and implementation of new DevSecOps tools, technologies, and practices to enhance SBA's software delivery capabilities and security posture.
  • Provide technical support and guidance to development and operations teams on DevSecOps tools, practices, and security requirements, helping to build organizational capability and support for DevSecOps principles.
  • Participate in incident response activities related to CI/CD pipeline issues, security events within the DevSecOps environment, and application deployment failures, supporting timely identification and resolution of issues.
  • Stay current on DevSecOps technology developments, federal policy guidance, and industry best practices, applying this knowledge to continuously improve SBA's DevSecOps capabilities and practices.

Education and Experience:

Required:
  • Bachelor's degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or a related field from an accredited college or university, OR equivalent combination of education and relevant work experience.
  • 4-6 years of progressive experience in software engineering, systems engineering, or DevOps/DevSecOps, with demonstrated hands-on experience designing, implementing, and managing CI/CD pipelines and DevSecOps practices in a federal government or enterprise environment.
  • Demonstrated hands-on experience with CI/CD tools and platforms such as Jenkins, GitLab CI/CD, GitHub Actions, or similar, and container technologies such as Docker and Kubernetes.
  • Demonstrated experience integrating security tools and automation into CI/CD pipelines including SAST, DAST, SCA, and container security scanning solutions.
  • One or more of the following certifications: CompTIA Security+, Certified Kubernetes Administrator (CKA), AWS Certified Developer, Microsoft Certified: Azure Developer Associate, or equivalent DevSecOps or cloud engineering certification.

Desired:
  • Bachelor's or Master's degree in Computer Science, Software Engineering, Information Technology, or a related field.
  • Prior experience supporting DevSecOps implementation activities at a federal civilian agency, preferably the SBA or a similar organization.
  • Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer, Microsoft Certified: DevOps Engineer Expert, or other relevant advanced DevSecOps or cloud engineering certifications.

Required Skills and Competencies:
  • Solid knowledge of DevSecOps principles, methodologies, and best practices and their application to the design, implementation, and operation of secure, automated software delivery pipelines in a federal government or enterprise environment.
  • Demonstrated hands-on experience with CI/CD tools and platforms including Jenkins, GitLab CI/CD, GitHub Actions, CircleCI, or similar, and the ability to design, build, and maintain CI/CD pipeline configurations.
  • Solid experience with containerization and container orchestration technologies including Docker and Kubernetes, including experience with container security practices and image scanning in an operational environment.
  • Experience with infrastructure as code (IaC) tools and practices including Terraform, Ansible, AWS CloudFormation, or similar, and their application to automated infrastructure provisioning and management.
  • Experience integrating security automation into CI/CD pipelines including SAST tools such as SonarQube or Checkmarx, DAST tools such as OWASP ZAP or Burp Suite, SCA tools such as Black Duck or Snyk, and container security scanning tools such as Twistlock, Aqua Security, or Anchore.
  • Solid experience with cloud platforms and services including AWS, Microsoft Azure, or Google Cloud Platform, and the application of cloud-native DevSecOps practices and tools within federal environments.
  • Proficient experience with source code management and collaboration platforms including Git, GitHub, GitLab, or Bitbucket, including familiarity with branching strategies, code review processes, and repository security practices.
  • Foundational understanding of federal cybersecurity frameworks, requirements, and guidance including NIST SP 800-53, FISMA, and FedRAMP, and their relevance to DevSecOps practices and pipeline security in a federal environment.
  • Experience with monitoring, logging, and observability tools and platforms such as ELK Stack, Prometheus, Grafana, Splunk, or similar, and their integration into DevSecOps pipelines and operations.
  • Solid experience with scripting and programming languages including Python, Bash, PowerShell, or similar, and their application to pipeline automation, toolchain integration, and infrastructure management tasks.
  • Effective written and oral communication skills in English, with the ability to clearly communicate DevSecOps concepts, pipeline configurations, and technical findings to both technical and non-technical stakeholders.
  • Ability to work both independently and collaboratively in a team environment, demonstrating flexibility and responsiveness to changing priorities and requirements in a fast-paced federal IT environment.
  • Ability to obtain and maintain a Public Trust clearance as required by the SBA.

Desired Skills and Competencies:
  • Prior experience supporting DevSecOps implementation and operations at the SBA or a similar federal civilian agency.
  • Familiarity with SBA's IT environment, development platforms, and mission areas, including an understanding of the challenges and opportunities associated with implementing DevSecOps within the SBA environment.
  • Experience with artifact management and software supply chain security tools and practices including JFrog Artifactory, Nexus Repository, or similar, and their integration into secure software delivery pipelines.
  • Knowledge of service mesh technologies such as Istio or Linkerd and their application to securing microservices architectures within a DevSecOps context.
  • Familiarity with GitOps practices and tools such as ArgoCD or Flux and their application to automated, auditable infrastructure and application deployments.
  • Knowledge of the NIST Secure Software Development Framework (SSDF) and its relevance to DevSecOps implementation in a federal government environment.
  • Experience supporting ATO processes and continuous monitoring programs, including contributing to the automation of security control testing and evidence collection within CI/CD pipelines.
  • Familiarity with software bill of materials (SBOM) concepts and tools and their relevance to software supply chain security and federal compliance requirements.
  • Certified Kubernetes Administrator (CKA), Certified Kubernetes Security Specialist (CKS), AWS Certified DevOps Engineer, Microsoft Certified: DevOps Engineer Expert, or other relevant advanced DevSecOps or cloud certifications.
  • Experience with Red Hat OpenShift and its application to container orchestration and DevSecOps practices in federal IT environments.
  • Basic familiarity with chaos engineering concepts and tools and their application to improving the resilience and reliability of DevSecOps pipelines and application deployments
  • Experience contributing to the development of DevSecOps training materials and delivering technical knowledge-sharing sessions for development and operations team members.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

More Information Technology Jobs

Find similar DevSecOps Engineer jobs: