LMI Consulting - Tysons, VA

posted 3 months ago

Full-time - Senior
Remote - Tysons, VA
Professional, Scientific, and Technical Services

About the position

LMI is seeking an experienced Senior DevSecOps Engineer with an active SECRET clearance or above to support a strategic United States Army organization in transforming and modernizing software delivery. This role is fully remote, with limited travel requirements. The ideal candidate will have a minimum of 10 years of experience in the field, with a strong background in DevSecOps practices and methodologies. Previous experience with US Army software delivery is highly desirable. As a DevSecOps Engineer, you will be responsible for integrating security measures within CI/CD pipelines, conducting regular security assessments, and ensuring compliance with Army and Department of Defense (DoD) security standards. You will develop and maintain automation scripts, utilize configuration management tools, and manage CI/CD pipelines to ensure efficient software delivery. Your role will also involve setting up monitoring solutions, collaborating with security teams, and providing training on security best practices. In addition, you will utilize Infrastructure as Code (IaC) tools to manage and provision infrastructure, identify security risks throughout the development lifecycle, and maintain compliance with relevant regulations. Performance optimization, research and development of new technologies, and disaster recovery planning will also be key components of your responsibilities. This position requires a systematic problem-solving approach, effective communication skills, and the ability to work collaboratively with various teams.

Responsibilities

  • Implement security measures and controls within CI/CD pipelines.
  • Conduct regular security assessments and vulnerability scans.
  • Ensure compliance with Army and Department of Defense (DoD) security standards and policies.
  • Develop and maintain automation scripts to streamline and enhance deployment processes.
  • Utilize configuration management tools (e.g., Ansible, Puppet, Chef) for consistent environment setup.
  • Automated deployment and support of Kubernetes clusters.
  • Development and ongoing support of Helm Charts, CFTs, and various other templates.
  • Design, implement, and manage CI/CD pipelines to ensure efficient and reliable software delivery.
  • Integrate security tools and practices into CI/CD workflows to detect and mitigate risks early.
  • Set up and maintain monitoring and logging solutions to detect and respond to incidents in real-time.
  • Collaborate with security teams to investigate and remediate security incidents and breaches.
  • Work closely with development, operations, and security teams to ensure seamless integration of security practices.
  • Provide training and guidance to team members on security best practices and DevSecOps methodologies.
  • Utilize IaC tools (e.g., Terraform, ARM, CloudFormation) to manage and provision infrastructure.
  • Ensure infrastructure is secure, scalable, and compliant with Army requirements.
  • Identify and address potential security risks and vulnerabilities throughout the development lifecycle.
  • Implement risk mitigation strategies and conduct regular risk assessments.
  • Ensure all systems and applications comply with relevant regulations and standards (e.g., NIST, FISMA, RMF).
  • Maintain comprehensive documentation of security practices, procedures, and incident response plans.
  • Optimize performance and scalability of applications and infrastructure.
  • Conduct performance testing and implement improvements as needed.
  • Stay current with emerging technologies and security trends.
  • Evaluate and integrate new tools and technologies to enhance the security posture of Army systems.
  • Develop and maintain disaster recovery plans and organization continuity strategies.
  • Conduct regular drills and tests to ensure preparedness for potential disruptions.
  • Assist in the design, development, and deployment of secure software solutions.

Requirements

  • Minimum of a SECRET security clearance
  • Bachelor's degree in Computer Science or related technical field
  • DoD 8570 IAT Level II Certification (SEC+ or other)
  • 5 years' experience as a DevSecOps or Platform Engineer
  • Previous government technology experience - ideally with the US Army
  • Minimum of 2+ years of experience programming in at least one of the following languages: C, C++, Java, Python, or Go.
  • Ability to debug, optimize code, and automate routine tasks
  • Systematic problem-solving approach, coupled with effective communication skills and a sense of drive
  • Understanding of Unix/Linux operating systems
  • Demonstrated experience building continuous, automated build and deploy pipelines.
  • Demonstrated experience making build and deploy pipeline progression conditional on security scans of source and artifacts.
  • Capable of working with the software development team and the platform infrastructure team to provide meaningful guidance to both on code development and deployment.
  • In-depth knowledge of version control of release artifacts to facilitate upgrade rollout and rollback.
  • Strong understanding of containerization of web applications.
  • Understanding and familiarity with container orchestration engines such as K8s (EKS, AKS, GKE, Kops, OpenShift)
  • Demonstrated experience with GitLab CI/CD.
  • Experience with bash shell scripting.
  • Experience with Agile development methodologies and working with Agile teams.

Nice-to-haves

  • Master's degree in science, technology, engineering, mathematics, computer science, economics, or related technical discipline
  • Top Secret security clearance
  • AWS and/or Azure Associate certification
  • Kubernetes CKA or CKAD certification
  • HashiCorp Terraform certification
  • Experience working in IL6 or equivalent secure environments.
  • Experience with security requirements in a federal IT environment, including FedRAMP-certified providers and FISMA requirements for acquiring an ATO.
  • Experience working in a consultant/client environment.