Tech Stack

Description

As a Sr. DevSecOps Engineer, you will design, implement, and maintain secure CI/CD pipelines and infrastructure as code across multiple classified AWS environments, integrating security practices throughout the development lifecycle. You'll collaborate with cross-functional teams to deliver high-quality, secure software solutions that support US federal missions.

Requirements

• IAT Level 2 Certification (CompTIA Security+, GSEC, SSCP, etc)
• 10+ years of experience as a DevSecOps Engineer or similar role
• Experience with DevOps practices, CI/CD pipelines, containerization, and automation tools (Jenkins, GitLab CI/CD, Artifactory, SonarQube, Prisma Cloud)
• Experience delivering DevSecOps services across multiple classified domains
• Expert understanding of AWS capabilities (EC2, S3, IAM, RDS, etc) and architecting secure cloud-based infrastructure
• Strong experience with Infrastructure as Code (IaC) tools (Terraform, CloudFormation, Ansible)
• Strong experience with scripting languages (Python, Bash) in a Linux environment (RHEL, Oracle Linux, or similar)
• Active TS/SCI with polygraph clearance

Responsibilities

• Collaborate with customers and internal teams to design and implement automatic technical solutions across multiple classification environments.
• Develop CI/CD pipelines from scratch in GitLab CI and Jenkins with integrated security scanning and STIG compliance validation.
• Create and maintain Infrastructure as Code (IaC) templates primarily using CloudFormation to architect highly available, resilient, and secure DevSecOps tool infrastructure across AWS environments.
• Lead advanced troubleshooting efforts by analyzing system and application logs using Linux command-line tools, conducting root cause analysis, and developing mitigation strategies.
• Provide expert security guidance to development teams on secure coding practices, STIG compliance, vulnerability remediation, and other best practices.
• Mentor junior engineers through code reviews, technical guidance, and knowledge sharing while maintaining technical documentation.