T-REX

Senior DevSecOps Engineer

T-REX$100K — $170K *
Arlington, VA 22204In-Person
Information Technology
8 - 10 years of experience
Today
Be an Early Applicant
Job Overview by Ladders

Qualifications

  • Bachelor's degree in a relevant technical field (e.g., Computer Science, Cybersecurity).
  • 8+ years of experience in software engineering or related fields.
  • Proven experience in enterprise DevSecOps implementation.
  • Expertise in CI/CD pipeline and deployment automation.
  • Familiarity with Azure and its ecosystem.
  • Extensive knowledge of DevSecOps tools and frameworks.
  • Strong understanding of Zero Trust Architecture and compliance standards.

Responsibilities

  • Design and maintain enterprise DevSecOps solutions, integrating security and operations.
  • Build and optimize CI/CD pipelines for automated processes.
  • Support development teams with security and compliance throughout the SDLC.
  • Develop Infrastructure as Code (IaC) solutions for automated management.
  • Research and recommend emerging tools and technologies for DevSecOps best practices.
  • Embed security controls within all phases of the software lifecycle.
  • Lead automated testing strategies within DevSecOps pipelines.

Benefits

  • Primarily remote work with occasional in-person meetings in Arlington, VA.
  • Mentorship opportunities in DevSecOps practices and methodologies.
  • Engagement with federal cybersecurity compliance standards.
  • Chance to work on modern cloud and on-premises infrastructure solutions.
Full Job Description
T-Rex Solutions is seeking a Senior DevSecOps Engineer to support our FDIC customer. This role is primarily remote with potential for occasional meetings at FDIC HQ in Arlington, VA as needed.

Responsibilities:
  • DevSecOps Engineering and Automation
    • Design, develop, implement, and maintain enterprise DevSecOps solutions that integrate development, security, testing, and operations capabilities.
    • Build and optimize CI/CD pipelines that support automated software builds, testing, security scanning, deployment, and release management.
    • Support software development teams by integrating security, compliance, and quality controls throughout the SDLC.
    • Develop and maintain Infrastructure as Code (IaC) solutions to automate provisioning, configuration, and management of cloud and on-premises infrastructure.
    • Implement automated deployment and configuration management processes to improve consistency, reliability, and scalability.
    • Participate in the design, configuration, testing, administration, and monitoring of enterprise DevSecOps toolchains.
    • Research, evaluate, and recommend emerging DevSecOps technologies, tools, frameworks, and best practices.
  • Security Integration
    • Embed security controls and compliance requirements into all phases of the SDLC.
      • Integrate and maintain application security tools and processes, including: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container and image scanning, Secret detection and credential management, Infrastructure security scanning, and Fuzz testing
    • Support implementation of Zero Trust security principles across development and operational environments.
    • Ensure compliance with federal cybersecurity requirements and security engineering best practices.
    • Assist with vulnerability identification, remediation planning, risk mitigation, and security reporting.
    • Support audit readiness activities and compliance documentation requirements.
  • Automated Testing and Quality Engineering
    • Develop and lead enterprise testing automation strategies integrated within DevSecOps pipelines.
    • Implement automated functional, integration, regression, performance, load, and security testing capabilities.
    • Enable self-service testing capabilities for product teams and development organizations.
    • Establish and maintain testing frameworks, automation standards, and quality assurance processes.
    • Define and implement test coverage metrics, quality gates, pass/fail criteria, and release readiness requirements.
    • Champion shift-left testing practices by integrating validation and testing activities early in the SDLC.
    • Promote continuous improvement of test plans, test data management processes, and automated testing frameworks.
    • Ensure traceability between requirements, work items, source code, test cases, vulnerabilities, risk mitigation activities, and releases.
    • Analyze and report testing outcomes, quality trends, vulnerabilities, and performance metrics to stakeholders and leadership.
  • Technical Leadership
    • Provide technical leadership and mentorship to software engineers, DevSecOps practitioners, testers, and operations personnel.
    • Serve as a subject matter expert for DevSecOps methodologies, toolchains, automation frameworks, and software engineering best practices.
    • Support architecture reviews, design discussions, technical evaluations, and modernization initiatives.
    • Collaborate with Solution Architects, Security Architects, Product Owners, and technical teams to ensure alignment with organizational goals.

Requirements:
  • Bachelor's degree in Computer Science, Software Engineering, Computer Engineering, Information Systems, Cybersecurity, or a related technical field.
  • Minimum of 8 years of experience in software engineering, DevOps, DevSecOps, cloud engineering, cybersecurity engineering, or related disciplines.
  • Demonstrated experience implementing DevSecOps practices within enterprise environments, supporting complex application development and modernization initiatives.
  • Experience developing and maintaining CI/CD pipelines and deployment automation frameworks.
  • Experience integrating automated testing and security controls into software delivery processes.
  • Experience supporting hybrid cloud and on-premises environments.
  • Strong understanding of Agile software development methodologies.
  • Extensive experience with DevSecOps tools, automation frameworks, and software delivery platforms.
  • Strong knowledge of Microsoft Azure
  • Experience with the following toolset: GitHub Enterprise Server/Cloud, JFrog Artifactory, JFrog Xray, SonarQube, GitHub Advanced Security, GitHub Copilot, and Subject7
  • Knowledge of containerization and infrastructure technologies including Azure Kubernetes Services (AKS), Virtual Machines, Application Gate Way, App Services, Key Vaults, ServiceNow, CyberArk, and Terraform
  • Proficiency in one or more modern programming and scripting languages such as Java, C#, Python
  • Experience with source code repositories, version control systems, and artifact management platforms.
  • Strong understanding of:
    • Zero Trust Architecture
    • Application Security (AppSec)
    • NIST 800-53 security controls
    • Continuous Monitoring
    • Logging and Audit Requirements (M-21-31)
  • Knowledge of enterprise testing frameworks and automated quality assurance practices.
  • Strong written and verbal communication skills with demonstrated experience briefing senior-level personnel.
  • Experience supporting Continuous Authority to Operate (ATO) initiatives.
  • Ability to obtain and maintain a Public Trust, suitability determination, or other clearance level required.

Desired Skills:
  • One or more of the following certifications are preferred:
    • Certified Kubernetes Administrator (CKA)
    • Certified Kubernetes Security Specialist (CKS)
    • Microsoft Azure DevOps Engineer Expert
    • Microsoft Azure Solutions Architect Expert
    • DevSecOps Foundation or equivalent certification

About T-REX

T-REX is a financial technology company that provides data and analytics to the renewable energy industry. The company was founded in 2012 and is headquartered in New York, New York. T-REX's platform is designed to help investors and developers evaluate and manage risk in renewable energy projects. The company's tools include cash flow modeling, risk analysis, and portfolio management features. T-REX's platform is used by a variety of clients across the renewable energy industry, including banks, asset managers, and project developers.
Learn more about T-REX
Size
50 employees
Industry
Finance & Insurance
Founded
2012
* Ladders Estimates

Similar Jobs

Ad banner background

Get Ready For Your
Next Interview

More Jobs at T-REX

  • T-REX
    Senior DevSecOps Engineer
    $100K — $170K *
    Arlington, VA 22204 (Arlington County)
    Today
    Information Technology
    In-Person
  • T-REX
    Information Systems Security Officer 2
    $160K — $190K *
    Fort George G Meade, MD 20755 (Anne Arundel County)
    Today
    Information Technology
    In-Person
  • T-REX
    Technical Writer
    $120K — $160K *
    Annapolis Junction, MD 20701 (Howard County)
    Yesterday
    Education, Government & Non-Profit
    In-Person
  • T-REX
    Technical Writer
    $120K — $160K *
    Annapolis, MD 21401 (Anne Arundel County)
    Yesterday
    Aerospace & Defense
    In-Person
  • T-REX
    HPC Software Engineer 3
    $160K — $200K *
    Fort George G Meade, MD 20755 (Anne Arundel County)
    2 weeks ago
    Aerospace & Defense
    In-Person

More Information Technology Jobs

Find similar Senior DevSecOps Engineer jobs:

NationwideArlington, VA