DevSecOps Engineer

About the position

CGI is seeking a highly skilled and motivated Senior CI/CD and DevSecOps Engineer to lead the integration of continuous integration, continuous delivery, and security automation within our Agile development and operations processes. Work location is in Fairfax, VA. In this role, you will design and implement efficient CI/CD pipelines, integrate DevSecOps tools, and enhance our operational security measures. You will work collaboratively with colleagues in an agile team to drive innovation and assure the secure and reliable delivery of software solutions. This position does not have specific travel requirements outside the member's allocated work location. There may be limited travel required for client events and meetings. The position follows standard CGI Federal hybrid work and travel policies.

Responsibilities

• Design, implement, and maintain advanced CI/CD pipelines to automate the build, test, and deployment processes, ensuring speed and reliability.
• Integrate DevSecOps tools to automate security checks and vulnerability assessments within the CI/CD pipeline.
• Collaborate with Agile development, operations, and security teams to embed security practices and tools across the software development lifecycle.
• Enhance operational security by implementing robust monitoring, logging, and alerting systems.
• Actively participate in Agile ceremonies, providing input on security and automation best practices.
• Troubleshoot and resolve issues related to CI/CD processes, security tools, and operational security.
• Provide training and guidance to teams on CI/CD, DevSecOps, and operational security best practices.
• Ensure compliance with industry standards and regulatory requirements through automated checks and controls.
• Document and maintain CI/CD workflows, security protocols, and operational procedures.

Requirements

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• 5+ years of experience in DevSecOps, with a focus on CI/CD and automation.
• 5+ years of experience working on US Federal government agency contracts.
• Experience working with large multifunctional teams, including within a multi-contractor environment as an integrated project team.
• Strong understanding of CI/CD concepts and experience with tools such as Jenkins, GitLab CI, or CircleCI.
• Proficiency in integrating security tools like SAST, DAST, and vulnerability scanners into CI/CD pipelines.
• Experience working in Agile teams and familiarity with Agile methodologies.
• Experience with cloud platforms (AWS, Azure, or Google Cloud), infrastructure as code (e.g., Terraform), and automation tools (e.g. Puppet, Ansible, Chef etc.)
• Familiarity with containerization technologies (e.g., Docker, Kubernetes) and related security practices.
• Strong scripting and automation skills (e.g., Python, Bash, Groovy).

Nice-to-haves

• Master's degree in a related field.
• Certifications such as AWS Certified DevOps Engineer, CISSP, or Docker Certified Associate.
• Experience working at large financial institutions, including mortgage-backed securities.
• Experience with security frameworks and standards (e.g., NIST, ISO 27001).
• Knowledge of network security and intrusion detection/prevention systems.
• Familiarity with serverless architectures and associated security challenges.
• Contributions to open source DevOps or security projects.

Benefits

• Competitive compensation
• Comprehensive insurance options
• Matching contributions through the 401(k) plan and the share purchase plan
• Paid time off for vacation, holidays, and sick time
• Paid parental leave
• Learning opportunities and tuition assistance
• Wellness and Well-being programs