DevSecOps Engineer-Federal CI​/CD & GitLab

Benefits

• 401(k) matching
• Competitive salary
• Health insurance
• Paid time off

About this Role We are seeking a Dev Sec Ops Engineer with deep federal experience to design, implement, and operate secure CI/CD pipelines using Git Lab across complex, multi-cloud environments. You will work closely with cybersecurity, application development, and infrastructure teams to embed security into every stage of the software delivery life cycle, ensuring compliance with federal standards (FISMA, FedRAMP, NIST 800-53/171, Zero Trust Principles).

Key Responsibilities

• Design and Manage CI/CD pipelines
• Architect, implement, and maintain Git Lab-based CI/CD pipelines for multiple applications and services.
• Automate build, test, security scanning, and deployment workflows across on-prem and cloud (AWS, Azure, GCP) environments.
• Optimize pipeline performance, reliability, and traceability to support rapid, secure releases.
• Embed Security in the SDLC (Dev Sec Ops )
• Integrate SAST, DAST, SCA, container scanning, and laC scanning into Git Lab pipelines.
• Impement and maintain policy-as-code, security gates, and approvals aligned to Federal cybersecurity and compliance requirements.
• Collaborate with security teams to respond to findings, prioritize remediations and continuously improve security posture.
• Infrastructure as code and automation
• Build and maintain infrastructure as code (IaC) using tools such as Terraform, Ansible, Helm, or Cloud Formation.
• Automate environment provisioning, configuration management, and application deployment.
• Contribute to standardized, reusable, pipeline templates and automation tool chains.
• Compliance, Governance & Reporting
• Align CI/CD and Dev Sec Ops practices with NIST, FISMA, OMB, FedRAMP, and agency-specific policies.
• Implement logging, monitoring, and auditing in support of ATO, PoA&M management, and continuous monitoring.
• Produce documentation (runbooks, architecture diagrams, SOPs) to support audits and governance.
• Partner with developers, product owners, cybersecurity, and operations teams to promote Dev Sec Ops best practices.
• Provide technical guidance and knowledge transfer on Git Lab CI/CD automation, and secure coding practices.
• Participate in incident response and post-incident reviews related to build, deployment, or security pipeline issues.

Qualifications and Skills

• Must be a U.S. citizen and able to obtain a Public Trust
• 5+ years' experience in Dev Ops/Dev Sec Ops roles
• 3+ years’ working on federal programs or regulated environments, with practical understanding of NIST, FISMA, and FedRAMP requirements.
• 2+ years’ building and managing Git Lab CI/CD pipelines (or equivalent, with recent Git Lab focus).
• Strong expertise with Git Lab CI/CD (runners, pipelines, triggers, variables, artifacts, environments).
• Experience integrating security tools (SAST, DAST, SCA, container scanning) into pipelines.
• Hands-on experience with containers and orchestration (Docker, Kubernetes, Open Shift or equivalent).
• Proficiency with IaC and automation tools such as Terraform, Ansible, or similar.
• Solid knowledge of Linux, Shell scripting, and at least one programming language (Python, Go, or similar).
• Familiarity with logging/monitoring tools (e.g. Splunk, Cloud Watch, Prometheus, ELK/EFK).
• Working knowledge of NIST 800-53/171, Zero Trust Principles, and continuous monitoring.
• Experience supporting ATO processes and documenting controls in coordination with ISSOs/ISSMs
• Strong communication skills with ability to translate technical topics for non-technical stakeholders and ability to work with cross-functional agile teams.

Desired Skills and Competencies

• Experience in HHS, NIH, CMS, ACF, DoD, or other civilian/defense agencies.
• Experience with additional CI/CD tools (Git Hub Actions, Jenkins, Azure Dev Ops) and migrating pipelines into Git Lab.
• Kubernetes Administrator (CKA) certification.
• GIAC Cloud Security Automation (GCSA), CompTIA Security+, or similar.
• AWS/Azure/GCP Associate or Professional-Level certifications.
• Experience implementing Zero Trust-aligned architectures, especially around Identity, access, and data protection.

Additional Information You will drive the modernization of federal systems through secure, automated delivery. Help shape Dev Sec Ops standards, patterns, and templates used across multiple programs. You will work with leaders and engineers passionate about security, automation, and mission impact. Flexible work from home options available. #J-18808-Ljbffr Apply tot his job Apply To this Job