Lead DevSecOps Engineer

DevSecOps Engineer - Lead

Position Description
We are seeking a highly skilled and motivated Lead CI/CD and DevSecOps Engineer to lead the continuous integration, continuous delivery, and security automation within our Agile development and operations processes.

In this role, you will design and implement efficient CI/CD pipelines, integrate DevSecOps tools, implement DevSecOps governance and polices for a portfolio of modernization projects, and enhance our operational security measures. You will work collaboratively with colleagues in an agile team to drive innovation and assure the secure and reliable delivery of software solutions.

This position is located in our Fairfax, VA office, however a hybrid working model is acceptable.

This position does not have specific travel requirements outside the member’s allocated work location. There may be limited travel required for client events and meetings.


Your future duties and responsibilities
• Design, implement, and maintain advanced CI/CD pipelines to automate the build, test, and deployment processes, ensuring speed and reliability.
• Integrate DevSecOps tools to automate security checks and vulnerability assessments within the CI/CD pipeline.
• Develop, implement, and maintain security policies and procedures that align with organizational goals and regulatory requirements, ensuring they are integrated into the modernization project lifecycle.
• Establish governance frameworks to monitor compliance with security standards and regulations throughout the modernization process, conducting regular audits and assessments to ensure adherence and address any gaps.
• Collaborate with Agile development, operations, and security teams to embed security practices and tools across the software development lifecycle.
• Enhance operational security by implementing robust monitoring, logging, and alerting systems.
• Actively participate in Agile ceremonies, providing input on security and automation best practices.
• Troubleshoot and resolve issues related to CI/CD processes, security tools, and operational security.
• Provide training and guidance to teams on CI/CD, DevSecOps, and operational security best practices.
• Ensure compliance with industry standards and regulatory requirements through automated checks and controls.
• Document and maintain CI/CD workflows, security protocols, and operational procedures.
• Stay updated on the latest trends and technologies in CI/CD, DevSecOps, and security operations.
• Mentor junior engineers, promoting a culture of security awareness, agility, and continuous improvement.


Required qualifications to be successful in this role
• Bachelor’s degree in computer science, information technology, or a related field.
• 6+ years of hand-on experience in DevSecOps, with a focus on CI/CD and automation.
• 5+ years of experience working on US Federal government agency contracts.
• Experience working with large multifunctional teams, including within a multi-contractor environment as an integrated project team.
• Strong understanding of CI/CD concepts and experience with tools such as Jenkins, GitLab CI, or CircleCI.
• Proficiency in integrating security tools like SAST, DAST, and vulnerability scanners into CI/CD pipelines.
• Experience working in Agile teams and familiarity with Agile methodologies.
• Experience with cloud platforms (AWS, Azure, or Google Cloud), infrastructure as code (e.g., Terraform), and automation tools (e.g. Puppet, Ansible, Chef etc.)
• Familiarity with containerization technologies (e.g., Docker, Kubernetes) and related security practices.
• Strong scripting and automation skills (e.g., Python, Bash, Groovy).
• Excellent problem-solving abilities and attention to detail.
• Strong communication and collaboration skills.

Desired qualifications/non-essential skills required:
• Master’s degree in a related field.
• Certifications such as AWS Certified DevOps Engineer, CISSP, or Docker Certified Associate.
• Experience working at large financial institutions, including mortgage-backed securities.
• Experience with security frameworks and standards (e.g., NIST, ISO 27001).
• Knowledge of network security and intrusion detection/prevention systems.
• Familiarity with serverless architectures and associated security challenges.
• Contributions to open-source DevOps or security projects.