Posted today
Secret
Mid Level Career (5+ yrs experience)
$125,000 - $145,000
IT - Security
Radford, VA (Off-Site/Hybrid)
- Company: IBM
- Location: Radford, VA - can live within 4 hours of location and work hybrid 2-3 days onsite, at minimum 1 week per month, sometimes for 3 weeks per month or 2-3 days onsite. Travel expenses will be reimbursed.
- Clearance: Secret
- Duration: 1 year contract, most likely to extend up to 5 years
Required Skills & Experience
• Strong expertise in implementing and managing DevSecOps frameworks using tools such as GitLab, Azure DevOps, or Atlassian.
• Proficiency in Infrastructure as Code (IaC) tools, including Terraform and Ansible.
• Experience with containerization and orchestration tools, such as Docker, Kubernetes, and Red Hat OpenShift.
Desired Skills:
• Knowledge of static application security testing (SAST) and dynamic application security testing (DAST) tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
• Familiarity with container image scanning tools (e.g., Trivy, Clair, Anchore).
• Experience with secrets management tools (e.g., HashiCorp Vault, Sealed Secrets).
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating tasks and workflows.
• Experience with CI/CD pipeline automation and optimization.
• Working knowledge of DoD STIGs, IA Vulnerability Management (IAVM), and Risk Management Framework (RMF) and/or industry hardening best practices and processes.
• Experience with monitoring tools such as Prometheus, Grafana, and GitLab CI/CD dashboards.
• Strong troubleshooting skills for diagnosing issues in CI/CD pipelines and Kubernetes workloads.
Required Certifications:
• DoD 8570.01-M IAT Level II certification (e.g., Security+ CE).
• Must obtain computing environment certifications (e.g., any GitLab certification, Azure DevOps, Jira, etc.) within 6 months of hire.
Position Overview:
This position is for a DevSecOps Engineer supporting a DoD project for a federal customer. The project solution is a hyperconverged, multitenant environment for hosting Army enterprise and tactical applications. The project is transitioning to a Kubernetes-based container orchestration platform, which may include Red Hat OpenShift or other Kubernetes distributions, to implement a modernized Software Defined Data Center (SDDC). The DevSecOps Engineer will play a critical role in modernizing applications into a DevSecOps framework, leveraging tools such as GitLab, Terraform, Ansible, and other automation and security tools to streamline development, deployment, and security processes. The customer provides value-added common and managed services built on top of the Kubernetes foundation, which hosted Army applications will require. The customer is a managed service provider (MSP) and hosting services provider for Army applications.
Position Duties:
The DevSecOps Engineer will be responsible for the following tasks:
• Design, implement, and maintain a DevSecOps framework for modernizing applications hosted in the AECC environment.
• Integrate tools such as GitLab Ultimate, Terraform, and Ansible into CI/CD pipelines to automate application development, deployment, and security processes.
• Develop and enforce security gates within CI/CD pipelines to ensure secure code, container images, and configurations are deployed.
• Collaborate with developers to containerize legacy applications and migrate them into Kubernetes-based environments.
• Integrate static application security testing (SAST), dynamic application security testing (DAST), and container image scanning tools into CI/CD pipelines.
• Use tools such as Trivy, Clair, or Anchore to scan container images for vulnerabilities.
• Implement secrets management solutions (e.g., HashiCorp Vault, Sealed Secrets) to securely manage sensitive data in pipelines and applications.
• Monitor CI/CD pipelines and Kubernetes workloads for performance, security, and compliance using the GitLab CI/CD dashboards.
• Optimize pipeline performance and resource utilization to reduce deployment times and improve scalability.
• Work closely with developers, Kubernetes administrators, and cybersecurity teams to ensure applications meet security and operational requirements.
• Provide training and guidance to development teams on DevSecOps best practices, tools, and workflows.
• Collaborate with internal and external stakeholders to transform high-level technical objectives into comprehensive technical requirements.
• Ensure applications and pipelines comply with frameworks such as DoD RMF, CIS Benchmarks, and NIST 800-53.
• Generate reports on pipeline security, application compliance, and deployment metrics for leadership and stakeholders.