Who We're Looking For (Position Overview):The DevSecOps Engineer supports infrastructure automation, configuration management, continuous integration and continuous delivery (CI/CD) workflows, containerized delivery, and secure software delivery practices in a hybrid cloud environment. This role is intended to extend and mature existing engineering capabilities rather than build a new operating model from scratch.
What Your Day-To-Day Looks Like (Position Responsibilities):- Maintain, extend, and improve infrastructure-as-code repositories using Terraform and OpenTofu.
- Develop and maintain configuration-as-code assets using Ansible.
- Build, maintain, and improve GitHub Actions workflows for build, test, scanning, and deployment automation.
- Support containerized delivery using Docker and Kubernetes, including manifests, Helm charts, role-based access control (RBAC), and image hardening and scanning.
- Integrate security practices into delivery pipelines, including static application security testing (SAST), secrets scanning, policy-as-code, and compliance hardening.
- Participate in stand-ups, sprint planning, technical reviews, peer reviews, and documentation updates.
What You Need to Succeed (Minimum Requirements):- Five years of experience in DevSecOps, infrastructure automation, or continuous integration and continuous delivery (CI/CD) pipeline engineering.
- Hands-on experience with Terraform and OpenTofu, including modules, remote state, and workspace management.
- Proficiency with Ansible, including playbooks, roles, inventories, and secrets handling.
- Demonstrated experience designing and maintaining GitHub Actions workflows.
- Working knowledge of Docker, Kubernetes, Helm, and container security scanning tools.
- Familiarity with SAST tools, secrets scanning, policy-as-code frameworks, and Git-based workflows.
- Ability to meet federal screening and suitability requirements prior to start.
Ideally, You Also Have (Preferred Qualifications):- Experience in regulated or federal environments.
- Familiarity with National Institute of Standards and Technology (NIST) Special Publication 800-53, the Federal Information Security Modernization Act (FISMA), and Federal Risk and Authorization Management Program (FedRAMP) compliance requirements.
- Amazon Web Services (AWS) cloud platform experience.
- Experience with secrets management tools such as HashiCorp Vault, plus Python and Bash scripting.
