DevSecOps Engineer
Description:
Our client has a need for a highly skilled Mid and Senior level DevSecOps Engineer(s) to support federal programs hosted on AWS GovCloud. This hybrid role in multi locations - the primary role in McLean, VA, Dayton OH and/or Warner Robins GA requires expertise in DevSecOps best practices, cloud automation, security compliance, and continuous integration/continuous deployment (CI/CD) to enhance the security, scalability, and efficiency of mission-critical applications.
Responsibilities include, but are not limited to the duties listed below
AWS GovCloud Architecture & Management: Design, implement, and maintain secure, scalable, and compliant AWS GovCloud environments for DoD and Civilian agency applications.
DevSecOps Pipeline Development: Build and optimize CI/CD pipelines using tools like GitLab CI/CD, Jenkins, AWS CodePipeline, and Terraform to automate deployments and security compliance.
Security & Compliance: Ensure adherence to Federal cybersecurity frameworks (e.g., NIST 800-171, NIST 800-53, RMF, FedRAMP, Zero Trust). Implement STIGs, security baselines, and automated security scanning (SAST/DAST).
Infrastructure as Code (IaC): Automate infrastructure provisioning and configuration management using Terraform, CloudFormation, and Ansible.
Containerization & Orchestration: Deploy and manage Docker containers and Kubernetes clusters in AWS GovCloud, leveraging services like Amazon EKS, ECS, and Fargate.
Monitoring & Incident Response: Implement AWS CloudWatch, AWS Security Hub, GuardDuty, Splunk, or ELK for proactive monitoring, logging, and compliance reporting.
Automation & Scripting: Develop automation scripts using Python, Bash, or PowerShell to improve deployment efficiency and security enforcement.
Collaboration & Knowledge Sharing: Work closely with software developers, cybersecurity teams, and cloud engineers to integrate security and automation into the software development lifecycle (SDLC). Education, Requirements and Qualifications
Mid level requires 5+ years of hands-on experience in DevSecOps, Cloud Engineering, or Infrastructure Automation roles.
Senior level requires 7+ years of hands-on experience in DevSecOps, Cloud Engineering, or Infrastructure Automation roles.
Strong expertise in AWS GovCloud services, security configurations, and compliance frameworks.
Experience with CI/CD tools (GitLab CI/CD, Jenkins, AWS CodePipeline, or similar).
Hands-on experience with Infrastructure as Code (IaC) using Terraform, CloudFormation, and Ansible.
Proficiency in containerization and orchestration (Docker, Kubernetes, EKS, ECS, Fargate).
Strong understanding of AWS security services (AWS IAM, GuardDuty, Security Hub, AWS KMS, AWS WAF, AWS Config, AWS Secrets Manager).
Knowledge of federal cybersecurity frameworks (RMF, NIST 800-171/53, STIGs, Zero Trust).
Experience implementing automated security testing (SAST, DAST, vulnerability scanning, SBOM management).
Proficiency in scripting (Python, Bash, PowerShell) for automation and security enforcement.
Security+, AWS Certified Security
US citizenship with the ability to obtain successful DoD SECRET security clearance required