
DevSecOps Engineer


Benefits:
  • 401(k) matching
  • Competitive salary
  • Health insurance
  • Paid time off

About this Role:

We are seeking a DevSecOps Engineer with strong federal experience to lead secure CI/CD pipeline design, implementation, and operations—centered on GitLab and modern cloud-native practices. This role will drive security-by-design across the software delivery lifecycle, working closely with development, security, and infrastructure teams to ensure compliant, automated, and repeatable deployments for federal customers.

Key Responsibilities:

CI/CD Pipeline Engineering (GitLab-focused)
  • Design, build, and maintain GitLab CI/CD pipelines for multiple applications and services (microservices, APIs, infrastructure-as-code).
  • Implement standardized pipeline templates and reusable jobs to support consistent delivery across programs.
  • Integrate automated build, test, security scanning, and deployment steps into GitLab pipelines.
  • Optimize pipeline performance (caching, parallelization, artifact management) to reduce build and deploy times.

DevSecOps & Automation
  • Embed security controls early and continuously in the pipeline (SAST, DAST, SCA, container scanning, IaC scanning).
  • Automate compliance checks, policy-as-code, and configuration drift detection.
  • Implement and support infrastructure-as-code (IaC) solutions (Terraform, Ansible, CloudFormation, etc.) to provision and manage cloud and on-prem environments.
  • Integrate CI/CD with monitoring, logging, and alerting tools to provide full visibility across the delivery pipeline.

Federal Environment & Compliance
  • Design and operate pipelines aligned with federal security and compliance requirements (e.g., FISMA, NIST 800-53, FedRAMP, Zero Trust principles).
  • Work with ISSOs, AO teams, and security/compliance stakeholders to provide pipeline and environment documentation supporting ATO packages.
  • Ensure secure configuration of build agents, runners, secrets management, and artifact repositories in compliance with agency policies.

Collaboration & Technical Leadership
  • Partner with development teams to define branching strategies, code review workflows, and release management practices in GitLab.
  • Collaborate with cybersecurity teams to respond to vulnerabilities, findings, and audits, and to implement remediations in code and pipelines.
  • Provide guidance, documentation, and training to engineers and stakeholders on DevSecOps best practices and GitLab usage.
  • Contribute to and enforce standards for coding, configuration management, and deployment processes.
Qualifications and Skills:

  • 5+ years of hands-on experience in DevOps/DevSecOps roles.
  • 3+ years of experience designing and managing GitLab CI/CD pipelines at scale (GitLab SaaS or self-managed).
  • Demonstrated experience supporting federal or public sector programs (civilian, DoD, or health agencies) with understanding of federal security expectations.
  • Strong experience with:
      ◦ CI/CD tools: GitLab CI, runners, GitLab registry.
      ◦ Languages / frameworks: at least one of Python, Java, JavaScript/TypeScript, .NET, Go.
      ◦ Containers & orchestration: Docker, Kubernetes (EKS/AKS/GKE or on-prem equivalents).
      ◦ Infrastructure-as-Code: Terraform and/or Ansible (or equivalent).
      ◦ Security tooling: SAST, DAST, SCA, container image scanning, secrets scanning.
  • Hands-on experience deploying to cloud environments (AWS, Azure, GCP) and/or federal on-prem/private cloud environments.
  • Familiarity with NIST, FedRAMP, Zero Trust, and common federal security control families (access control, configuration management, incident response, audit & accountability).
  • Strong scripting and automation skills (Bash, Python, or similar).
  • Excellent communication skills with the ability to explain complex technical concepts to non-technical stakeholders.
  • Must be a U.S. Citizen and able to obtain a public trust clearance.

Desired Skills and Competencies:

  • Prior experience working directly with HHS, NIH, CMS, ACF, DoD, or similar federal agencies.
  • Experience supporting ATO processes, security assessments, and remediation of audit findings.
  • Hands-on experience integrating GitLab with:
      ◦ Issue tracking (Jira, GitLab issues).
      ◦ Artifact repositories (GitLab registry, Nexus, Artifactory).
      ◦ SIEM / logging platforms (e.g., Splunk, ELK/OpenSearch, CloudWatch, Sentinel).
  • Experience implementing Zero Trust aligned architectures for CI/CD and runtime environments.
  • Certifications (nice to have, not required):
      ◦ DevOps / Cloud: AWS/Azure/GCP Associate or Professional-level, Kubernetes (CKA/CKAD).
      ◦ Security: Security+, CISSP, CSSLP, or equivalent.
      ◦ GitLab: GitLab Certified Associate / Professional (if applicable).
Additional Information:

What You’ll Do in the First 90 Days
  • Assess existing CI/CD pipelines, GitLab projects, and environments for strengths, gaps, and quick wins.
  • Establish baseline DevSecOps standards (branching, approvals, scanning, artifact handling, promotions).
  • Implement or enhance at least one end-to-end secure CI/CD pipeline for a priority application, including automated security scans and environment provisioning.
  • Partner with security and compliance teams to map pipeline controls to NIST/FedRAMP requirements and support ongoing ATO work.

Flexible work from home options available.