DevSecOps Engineer

I

IMAGINEEER LLC

DevSecOps Engineer

Washington, DC
Full Time
Paid
  • Responsibilities

    Benefits:

    401(k) matching

    Competitive salary

    Health insurance

    Paid time off

    About this Role:

    We are seeking a DevSecOps Engineer with strong federal experience to lead secure CI/CD pipeline design, implementation, and operations—centered on GitLab and modern cloud-native practices. This role will drive security-by-design across the software delivery lifecycle, working closely with development, security, and infrastructure teams to ensure compliant, automated, and repeatable deployments for federal customers.

    Key Responsibilities:

    CI/CD Pipeline Engineering (GitLab-focused) • Design, build, and maintain GitLab CI/CD pipelines for multiple applications and services (microservices, APIs, infrastructure-as-code). • Implement standardized pipeline templates and reusable jobs to support consistent delivery across programs. • Integrate automated build, test, security scanning, and deployment steps into GitLab pipelines. • Optimize pipeline performance (caching, parallelization, artifact management) to reduce build and deploy times.

    DevSecOps & Automation • Embed security controls early and continuously in the pipeline (SAST, DAST, SCA, container scanning, IaC scanning). • Automate compliance checks, policy-as-code, and configuration drift detection. • Implement and support infrastructure-as-code (IaC) solutions (Terraform, Ansible, CloudFormation, etc.) to provision and manage cloud and on-prem environments. • Integrate CI/CD with monitoring, logging, and alerting tools to provide full visibility across the delivery pipeline.

    Federal Environment & Compliance • Design and operate pipelines aligned with federal security and compliance requirements (e.g., FISMA, NIST 800-53, FedRAMP, Zero Trust principles). • Work with ISSOs, AO teams, and security/compliance stakeholders to provide pipeline and environment documentation supporting ATO packages. • Ensure secure configuration of build agents, runners, secrets management, and artifact repositories in compliance with agency policies.

    Collaboration & Technical Leadership • Partner with development teams to define branching strategies, code review workflows, and release management practices in GitLab. • Collaborate with cybersecurity teams to respond to vulnerabilities, findings, and audits, and to implement remediations in code and pipelines. • Provide guidance, documentation, and training to engineers and stakeholders on DevSecOps best practices and GitLab usage. • Contribute to and enforce standards for coding, configuration management, and deployment processes.

    Qualifications and Skills:

    • 5+ years of hands-on experience in DevOps/DevSecOps roles. • 3+ years of experience designing and managing GitLab CI/CD pipelines at scale (GitLab SaaS or self-managed). • Demonstrated experience supporting federal or public sector programs (civilian, DoD, or health agencies) with understanding of federal security expectations. • Strong experience with: • CI/CD tools: GitLab CI, runners, GitLab registry. • Languages / frameworks: at least one of Python, Java, JavaScript/TypeScript, .NET, Go. • Containers & orchestration: Docker, Kubernetes (EKS/AKS/GKE or on-prem equivalents). • Infrastructure-as-Code: Terraform and/or Ansible (or equivalent). • Security tooling: SAST, DAST, SCA, container image scanning, secrets scanning. • Hands-on experience deploying to cloud environments (AWS, Azure, GCP) and/or federal on-prem/private cloud environments. • Familiarity with NIST, FedRAMP, Zero Trust, and common federal security control families (access control, configuration management, incident response, audit & accountability). • Strong scripting and automation skills (Bash, Python, or similar). • Excellent communication skills with the ability to explain complex technical concepts to non-technical stakeholders.

    Must be a U.S. Citizen and able to obtain a public trust clearance.

    Desired Skills and Competencies:

    • Prior experience working directly with HHS, NIH, CMS, ACF, DoD, or similar federal agencies. • Experience supporting ATO processes, security assessments, and remediation of audit findings. • Hands-on experience integrating GitLab with: • Issue tracking (Jira, GitLab issues) • Artifact repositories (GitLab registry, Nexus, Artifactory) • SIEM / logging platforms (e.g., Splunk, ELK/Opensearch, CloudWatch, Sentinel). • Experience implementing Zero Trust aligned architectures for CI/CD and runtime environments. • Certifications (nice to have, not required): • DevOps / Cloud: AWS/Azure/GCP Associate or Professional-level, Kubernetes (CKA/CKAD). • Security: Security+, CISSP, CSSLP, or equivalent. • GitLab: GitLab Certified Associate / Professional (if applicable).

    Additional Information:

    What You’ll Do in the First 90 Days • Assess existing CI/CD pipelines, GitLab projects, and environments for strengths, gaps, and quick wins. • Establish baseline DevSecOps standards (branching, approvals, scanning, artifact handling, promotions). • Implement or enhance at least one end-to-end secure CI/CD pipeline for a priority application, including automated security scans and environment provisioning. • Partner with security and compliance teams to map pipeline controls to NIST/FedRAMP requirements and support ongoing ATO work

    Flexible work from home options available.