Description
Position Overview
We are seeking a talented and motivated DevSecOps Engineer with expertise in designing, implementing, and optimizing secure, scalable CI/CD pipelines in highly regulated and secure environments. The ideal candidate will play a critical role in ensuring secure software delivery while adhering to compliance requirements, such as operating within Impact Level 6 (IL6) closed environments. This role requires hands-on experience with modern DevSecOps tools, platforms, and methodologies, including GitLab, Kubernetes, image scanning, static analysis tools, and software signing tools like Cosign.
The DevSecOps Engineer will collaborate with cross-functional teams, including developers, system administrators, and cybersecurity professionals, to deploy secure and resilient infrastructure, applications, and pipelines.
Key Responsibilities
• Deploy and maintain secure CI/CD pipelines that support the full software development lifecycle using tools like GitLab, Terraform, Helm, or Ansible.
• Deploy and maintain multi-stage CI/CD pipelines (e.g., build, test, scan, release, deploy) for efficient, secure delivery of applications.
• Build and manage Kubernetes clusters in development, testing, and production environments.
• Ensure security best practices, including Role-Based Access Control (RBAC), namespace isolation, and secure ingress/egress traffic configurations.
• Deploy tools and processes to enable rapid provisioning and repeatability while maintaining compliance with cyber and operational standards.
• Work within a secure, air-gapped IL6 environment and implement robust processes to ensure compliance with DoD or other regulatory frameworks.
• Design solutions to securely handle sensitive data, binaries, and infrastructure in disconnected networks.
• Integrate DevSecOps tools such as image scanners, static code analysis tools, Cosign for software signing, and vulnerability management frameworks into the pipeline.
• Manage, configure, and maintain Windows Server (Active Directory, Group Policy, DNS, DHCP).
• Implement and ensure the security and availability of Windows and Linux systems, including patch management, vulnerability assessments, and compliance with organizational policies.
• Automate recurring tasks using scripting tools like PowerShell, Python, or Bash to improve operational efficiency.
• Troubleshoot issues within Windows (file systems, network connectivity, performance, and authentication).
• Plan and execute upgrades, migrations, and installations for both Windows and Linux systems.
• Collaborate with cross-functional teams to ensure systems integration and operational effectiveness.
• Develop and deliver technical documentation, including CI/CD pipeline configurations, workflow processes, and build instructions.
Qualifications
Required Skills and Qualifications:
• Technical Education/Clearance:
• Must have a BS degree with six (6) years of experience
• Security+ Certification
• Must have an active Secret Clearance
• Technical Skills:
• Proficiency with GitLab CI/CD and Git-based workflows to version control and orchestrate pipelines.
• Strong hands-on experience with Kubernetes, container technologies (e.g., Docker), and managing workloads within those platforms.
• Comprehensive understanding of CI/CD pipeline stages (e.g., build, test, security scan, deployment) and best practices for automation.
• Knowledge and experience working in secure environments, specifically Impact Level 6 (IL6) or similarly controlled environments, with a strong understanding of DoD or equivalent compliance frameworks.
• Proficiency in tools for security automation:
• Image Scanning Tools (e.g., Anchore).
• Static Code Analysis Tools (e.g., SonarQube).
• Software Signing Tools (e.g., Cosign) for image and binary integrity verification.
• Hands-on experience with container hardening and vulnerability remediation.
• Programming and Automation
• Strong scripting and automation skills for automating configuration, build, and deployment processes.
• Proficiency with Infrastructure as Code (IaC) tools like Terraform, Helm, or Ansible for provisioning and managing secure environments.
• Communication and Teamwork
• Ability to effectively communicate complex technical concepts to developers, security teams, and stakeholders.
• Proven experience collaborating in multidisciplinary teams within Agile or DevSecOps methodologies.