DevSecOps Engineer

Position Summary

Softtek Government Solutions (SGS) is seeking a Mid-Level DevSecOps Engineer to support the Congressional Budget Office (CBO) DevSecOps Engineering Services task order. CBO maintains a hybrid cloud infrastructure environment supported by established DevSecOps practices, security baselines, and federal compliance frameworks; this role augments existing engineering staff to extend and mature CBO's infrastructure automation, CI/CD pipeline capabilities, container orchestration, and security-hardened delivery practices.
The engineer integrates with CBO's engineering team, inherits existing patterns and standards rather than designing from scratch, and incrementally enhances capabilities within an active production environment. Work spans Infrastructure as Code (Terraform/OpenTofu), Configuration as Code (Ansible), CI/CD pipeline development (GitHub Actions), container build and orchestration (Docker/Kubernetes), and security integration and compliance hardening, all performed within CBO's established version control, change management, and peer review workflows.
Responsibilities

- Infrastructure as Code (IaC) - Terraform / OpenTofu:
Maintain, extend, and improve existing Terraform/OpenTofu codebases used to provision and manage cloud and hybrid infrastructure, including modular/reusable configurations, state/remote backend management, plan/apply workflows within change control, and refactoring legacy configurations; do not introduce new tooling without prior CBO IRM approval.
- Configuration as Code (CaC) - Ansible:
Develop and maintain Ansible playbooks and roles to automate system configuration, compliance enforcement, patch management, and application deployment; adhere to CBO role structure, variable conventions, and inventory management standards.
- CI/CD Pipeline Development - GitHub Actions:
Build, maintain, and improve GitHub Actions workflows to automate build/test/security scanning/deployment; incorporate security gates including SAST, dependency scanning, secrets detection, and policy-as-code validation; ensure peer review and compliance with CBO branching/approval standards for workflow changes.
- Container Management - Docker and Kubernetes:
Support containerized delivery using Docker for builds and Kubernetes for orchestration, including hardened Dockerfiles, Kubernetes manifests and Helm charts, namespace/RBAC configuration, and cluster health monitoring/troubleshooting; scan container images for vulnerabilities prior to deployment.
- Security Integration and Compliance Hardening:
Integrate shift-left security across the SDLC, including SAST/DAST integration into pipelines, enforcing CIS benchmarks and CBO baselines for infrastructure/containers, supporting NIST SP 800-53 and FISMA compliance needs, and producing documentation for audits and assessments.
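As an added illustration of the security gates named under CI/CD Pipeline Development and Container Management (this is example code, not CBO's or SGS's own pipeline), the following GitHub Actions workflow chains secrets detection (Gitleaks), SAST (Semgrep), IaC misconfiguration scanning (Checkov), policy-as-code validation (OPA policies run through conftest), and a container image vulnerability scan (Trivy) so that a pull request cannot merge while any gate fails. The repository layout (`infra/`, `k8s/`, `policy/`, a root `Dockerfile`), the image name `app`, and the branch name are assumptions; actions are referenced by version tag here for readability, whereas a production pipeline would pin each action to a commit SHA.

```yaml
# Added example of a security-gated pull-request workflow.
# Not CBO's or SGS's pipeline; paths, image name and branch are assumptions.
name: security-gates

on:
  pull_request:
    branches: [main]

# Least privilege: no job here needs write access to the repository.
permissions:
  contents: read

jobs:
  sast-and-secrets:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so every commit in the PR is scanned for secrets

      - name: Secrets detection (Gitleaks)
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: SAST (Semgrep)
        run: |
          pip install semgrep
          # --error: exit non-zero on findings so the job, and the gate, fails
          semgrep scan --config p/default --error .

  iac-policy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: IaC misconfiguration scan (Checkov, Terraform under infra/)
        run: |
          pip install checkov
          checkov -d infra/ --framework terraform

      - name: Policy-as-code (OPA/Rego policies in policy/ applied to k8s/ manifests)
        run: |
          docker run --rm -v "$PWD:/project" openpolicyagent/conftest \
            test --policy policy/ k8s/

  container:
    runs-on: ubuntu-latest
    needs: [sast-and-secrets, iac-policy]   # only build if source and IaC gates passed
    steps:
      - uses: actions/checkout@v4

      - name: Build image
        run: docker build -t "app:${{ github.sha }}" .

      - name: Image vulnerability scan (Trivy)
        run: |
          # Fail on unfixed-excluded HIGH/CRITICAL findings before the image can be pushed
          docker run --rm \
            -v /var/run/docker.sock:/var/run/docker.sock \
            aquasec/trivy:latest image \
              --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed \
              "app:${{ github.sha }}"
```

Pairing this workflow with a protected-branch rule that requires all three jobs as status checks is what turns the scans into enforced gates rather than advisory output; the Gitleaks action additionally needs a `GITLEAKS_LICENSE` secret when used in an organization-owned repository.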
Qualifications

- Must be a US Citizen
- Hands-on experience with Terraform and OpenTofu, including module development, remote state management, and workspace management.
- Proficiency with Ansible playbook/role development, dynamic inventories, and Ansible Vault for secrets management.
- Demonstrated experience designing and maintaining GitHub Actions workflows, including reusable workflows, matrix builds, and security gate integration.
- Working knowledge of Docker image authoring/hardening, Kubernetes/Helm chart management, and container scanning tools (Trivy, Grype, or equivalent).
- Familiarity with SAST and IaC scanning tools (Semgrep for application code; Checkov and tfsec for Terraform), secrets scanning (Gitleaks, detect-secrets), and policy-as-code frameworks (OPA/Rego).
- Proficiency with Git-based workflows - branching strategies, pull request reviews, and protected branch enforcement.
Preferred Qualifications

- Experience in a federal or highly regulated environment.
- Familiarity with NIST SP 800-53, FISMA, and FedRAMP compliance requirements.
- Cloud platform experience (AWS).
- Experience with secrets management tools (e.g., HashiCorp Vault).
- Scripting proficiency in Python and Bash.
Required Clearance - Eligible for Public Trust Tier 2 suitability determination
Softtek Government Solutions encourages collaborative communication and ongoing learning. Some of our benefits include:
- Extensive training programs
- Gym membership reimbursement
- Education reimbursement
- Technology benefits
- Commuter benefits
- Generous paid time off and much more!