McLean, VA (On-Site/Office)
Our client needs highly skilled Mid and Senior level DevSecOps Engineers to support federal programs hosted on AWS GovCloud. This hybrid role spans multiple locations (the primary role in McLean, VA, Dayton, OH and/or Warner Robins, GA) and requires expertise in DevSecOps best practices, cloud automation, security compliance, and continuous integration/continuous deployment (CI/CD) to enhance the security, scalability, and efficiency of mission-critical applications.
Responsibilities include, but are not limited to, the duties listed below
- AWS GovCloud Architecture & Management: Design, implement, and maintain secure, scalable, and compliant AWS GovCloud environments for DoD and Civilian agency applications.
- DevSecOps Pipeline Development: Build and optimize CI/CD pipelines using tools like GitLab CI/CD, Jenkins, AWS CodePipeline, and Terraform to automate deployments and security compliance.
- Security & Compliance: Ensure adherence to Federal cybersecurity frameworks (e.g., NIST 800-171, NIST 800-53, RMF, FedRAMP, Zero Trust). Implement STIGs, security baselines, and automated security scanning (SAST/DAST).
- Infrastructure as Code (IaC): Automate infrastructure provisioning and configuration management using Terraform, CloudFormation, and Ansible.
- Containerization & Orchestration: Deploy and manage Docker containers and Kubernetes clusters in AWS GovCloud, leveraging services like Amazon EKS, ECS, and Fargate.
- Monitoring & Incident Response: Implement AWS CloudWatch, AWS Security Hub, GuardDuty, Splunk, or ELK for proactive monitoring, logging, and compliance reporting.
- Automation & Scripting: Develop automation scripts using Python, Bash, or PowerShell to improve deployment efficiency and security enforcement.
- Collaboration & Knowledge Sharing: Work closely with software developers, cybersecurity teams, and cloud engineers to integrate security and automation into the software development lifecycle (SDLC).
Education, Requirements and Qualifications
- Mid level requires 5+ years of hands-on experience in DevSecOps, Cloud Engineering, or Infrastructure Automation roles.
- Senior level requires 7+ years of hands-on experience in DevSecOps, Cloud Engineering, or Infrastructure Automation roles.
- Strong expertise in AWS GovCloud services, security configurations, and compliance frameworks.
- Experience with CI/CD tools (GitLab CI/CD, Jenkins, AWS CodePipeline, or similar).
- Hands-on experience with Infrastructure as Code (IaC) using Terraform, CloudFormation, and Ansible.
- Proficiency in containerization and orchestration (Docker, Kubernetes, EKS, ECS, Fargate).
- Strong understanding of AWS security services (AWS IAM, GuardDuty, Security Hub, AWS KMS, AWS WAF, AWS Config, AWS Secrets Manager).
- Knowledge of federal cybersecurity frameworks (RMF, NIST 800-171/53, STIGs, Zero Trust).
- Experience implementing automated security testing (SAST, DAST, vulnerability scanning, SBOM management).
- Proficiency in scripting (Python, Bash, PowerShell) for automation and security enforcement.
- Security+, AWS Certified Security
- US citizenship with the ability to successfully obtain a DoD SECRET security clearance is required