Location: Onsite, 100% at the National Capital Region (NCR) or Colorado Springs, CO. No remote work is permitted.
Clearance Requirement: Active TS//SCI with CI Polygraph is mandatory.
Clearance Level: Active TS/SCI with CI Polygraph
About Us.
Position Overview:
We are seeking a highly experienced Senior DevSecOps Engineer to work onsite in Washington, DC or Colorado Springs, CO. The ideal candidate will have a minimum of 6 years of experience in DevSecOps, with extensive knowledge of integrating security into CI/CD pipelines, cloud environments, and containerized applications. The candidate must possess an active TS//SCI clearance with CI polygraph and meet or exceed DoD 8140 IAM Level II or III requirements.
Key Responsibilities:
• DevSecOps Pipeline Integration: Design, implement, and manage secure CI/CD pipelines for federal government systems, embedding automated security checks and controls into the software development lifecycle.
• Infrastructure as Code (IaC): Develop and manage infrastructure using IaC tools (e.g., Terraform, Ansible) to ensure secure and compliant deployment of systems and services across on-premise and cloud environments.
• Security Controls & Compliance: Implement security controls and ensure continuous compliance with federal frameworks, including NIST SP 800-53, RMF, ICD 503, and FedRAMP, in both cloud and containerized environments (IL5-IL6+).
• Log Management & Monitoring: Specify and implement log collection processes using tools like Splunk, and perform querying and analysis of aggregated logs to identify security-relevant anomalies and risks.
• Cloud Security: Implement and manage security within cloud environments such as AWS GovCloud, Azure Government, and containerized systems using Kubernetes, ensuring all security controls are met and maintained.
• Automation & Orchestration: Develop automation scripts and tools to integrate security into all aspects of development, testing, and deployment processes. Ensure security best practices are followed within the DevSecOps lifecycle.
• Incident Response: Lead efforts in securing systems during incidents, including conducting forensic analysis, coordinating responses, and ensuring systems are returned to operational status with appropriate remediations.
• Collaboration: Work closely with federal development, operations, and security teams to foster a security-first culture and ensure security is embedded in every aspect of system development and deployment.
• Documentation and Reporting: Prepare detailed technical documentation for systems, processes, and configurations. Provide clear and concise reports to federal stakeholders on security posture, incidents, and compliance with federal standards.
Qualifications:
• Experience:
  • At least 6 years of experience in DevSecOps, including designing, implementing, and managing CI/CD pipelines, cloud environments, and containerized applications.
  • Extensive experience with federal government regulatory frameworks (e.g., NIST SP 800-53, RMF, ICD 503, FISMA, FedRAMP).
  • Strong background in log collection and analysis using tools like Splunk, identifying security anomalies and responding appropriately.
  • Experience in cloud platforms (AWS GovCloud, Azure Government) and containerized environments (Kubernetes, Docker).
  • Knowledge of IaC tools such as Terraform, Ansible, and security automation tools.
• Education & Certifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • CISSP or equivalent certification to support DoD 8140 requirements (IAM Level II or III preferred).
• Technical Expertise:
  • Proficiency with CI/CD tools (e.g., Jenkins, GitLab, Azure DevOps), IaC tools (e.g., Terraform, Ansible), and security tools (e.g., Fortify, Acunetix, Prisma Cloud).
  • Experience with cloud security, container security, and DevSecOps practices within highly classified environments (IL5 to IL6+).
  • Strong understanding of network protocols, operating systems, and infrastructure components, particularly as they relate to secure DevSecOps implementations.
• Incident Response:
  • Proficient in incident response and forensic analysis techniques, ensuring rapid recovery from security incidents while maintaining system integrity.
• Communication Skills:
  • Excellent communication skills, capable of conveying complex security concepts to both technical and non-technical stakeholders.