DevSecOps Engineer
Indexed description
We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.
Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced DevSecOps Engineer to support the implementation, operation, and continuous improvement of DevSecOps practices, pipelines, and tools in support of the U.S. Small Business Administration (SBA). The ideal candidate is a mid to senior-level engineering professional with solid hands-on experience in DevSecOps methodologies, CI/CD pipeline development, security automation, and cloud technologies, and a demonstrated ability to integrate security practices into software development and operations workflows within a federal government environment. This individual will play a key role in building, maintaining, and improving SBA's DevSecOps capabilities, contributing to the secure and efficient delivery of software and infrastructure solutions that support SBA's mission and operational objectives.
The DevSecOps Engineer will support the design, implementation, operation, and continuous improvement of DevSecOps pipelines, tools, and practices at the SBA, working closely with development teams, security teams, operations staff, and program managers to integrate security throughout the software development lifecycle and enable the reliable, secure delivery of software and infrastructure solutions in support of SBA's mission.
Principal Responsibilities Will Include But Are Not Limited To
- Design, build, implement, and maintain CI/CD pipelines and DevSecOps toolchain components for SBA, ensuring pipelines are automated, secure, and aligned with SBA's software delivery requirements and security policies.
- Integrate security tools and automation into CI/CD pipelines including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), container security scanning, and infrastructure as code (IaC) security scanning to support the continuous identification and remediation of security vulnerabilities throughout the SDLC.
- Implement and maintain infrastructure as code (IaC) practices and tools to support automated, repeatable, and auditable provisioning and management of SBA's IT infrastructure and cloud environments.
- Collaborate with SBA's development, security, and operations teams to implement and enforce DevSecOps standards, coding best practices, security requirements, and quality gates within CI/CD pipelines.
- Support the containerization and orchestration of SBA applications, ensuring container images are properly secured, scanned, and managed in accordance with SBA security requirements and federal guidelines.
- Monitor and analyze the performance, reliability, and security of CI/CD pipelines and DevSecOps toolchain components, identifying and implementing improvements to enhance pipeline efficiency and overall effectiveness.
- Support the planning and execution of cloud migration and modernization initiatives, applying DevSecOps principles and practices to support the secure migration of SBA workloads to cloud environments.
- Develop and maintain DevSecOps documentation including pipeline configurations, technical runbooks, architecture documentation, and standard operating procedures to support SBA's DevSecOps program.
- Collaborate with SBA's ISSO and security teams to ensure DevSecOps pipelines and practices support the maintenance of system Authorization to Operate (ATO) requirements, including supporting the automation of security control testing and evidence collection activities.
- Participate in code reviews, architecture reviews, and security reviews for pipeline components and infrastructure as code artifacts, ensuring they meet SBA's quality and security standards.
- Support the implementation and management of source code management practices, repository security configurations, and branching strategies to ensure the integrity and security of SBA's software development environment.
- Assist in the evaluation and implementation of new DevSecOps tools, technologies, and practices to enhance SBA's software delivery capabilities and security posture.
- Provide technical support and guidance to development and operations teams on DevSecOps tools, practices, and security requirements, helping to build organizational capability and support for DevSecOps principles.
- Participate in incident response activities related to CI/CD pipeline issues, security events within the DevSecOps environment, and application deployment failures, supporting timely identification and resolution of issues.
- Stay current on DevSecOps technology developments, federal policy guidance, and industry best practices, applying this knowledge to continuously improve SBA's DevSecOps capabilities and practices.
- Bachelor's degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or a related field from an accredited college or university, OR equivalent combination of education and relevant work experience.
- 4-6 years of progressive experience in software engineering, systems engineering, or DevOps/DevSecOps, with demonstrated hands-on experience designing, implementing, and managing CI/CD pipelines and DevSecOps practices in a federal government or enterprise environment.
- Demonstrated hands-on experience with CI/CD tools and platforms such as Jenkins, GitLab CI/CD, GitHub Actions, or similar, and container technologies such as Docker and Kubernetes.
- Demonstrated experience integrating security tools and automation into CI/CD pipelines including SAST, DAST, SCA, and container security scanning solutions.
- One or more of the following certifications: CompTIA Security+, Certified Kubernetes Administrator (CKA), AWS Certified Developer, Microsoft Certified: Azure Developer Associate, or equivalent DevSecOps or cloud engineering certification.
- Bachelor's or Master's degree in Computer Science, Software Engineering, Information Technology, or a related field.
- Prior experience supporting DevSecOps implementation activities at a federal civilian agency, preferably the SBA or a similar organization.
- Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer, Microsoft Certified: DevOps Engineer Expert, or other relevant advanced DevSecOps or cloud engineering certifications.
- Solid knowledge of DevSecOps principles, methodologies, and best practices and their application to the design, implementation, and operation of secure, automated software delivery pipelines in a federal government or enterprise environment.
- Demonstrated hands-on experience with CI/CD tools and platforms including Jenkins, GitLab CI/CD, GitHub Actions, CircleCI, or similar, and the ability to design, build, and maintain CI/CD pipeline configurations.
- Solid experience with containerization and container orchestration technologies including Docker and Kubernetes, including experience with container security practices and image scanning in an operational environment.
- Experience with infrastructure as code (IaC) tools and practices including Terraform, Ansible, AWS CloudFormation, or similar, and their application to automated infrastructure provisioning and management.
- Experience integrating security automation into CI/CD pipelines including SAST tools such as SonarQube or Checkmarx, DAST tools such as OWASP ZAP or Burp Suite, SCA tools such as Black Duck or Snyk, and container security scanning tools such as Twistlock, Aqua Security, or Anchore.
- Solid experience with cloud platforms and services including AWS, Microsoft Azure, or Google Cloud Platform, and the application of cloud-native DevSecOps practices and tools within federal environments.
- Proficient experience with source code management and collaboration platforms including Git, GitHub, GitLab, or Bitbucket, including familiarity with branching strategies, code review processes, and repository security practices.
- Foundational understanding of federal cybersecurity frameworks, requirements, and guidance including NIST SP 800-53, FISMA, and FedRAMP, and their relevance to DevSecOps practices and pipeline security in a federal environment.
- Experience with monitoring, logging, and observability tools and platforms such as ELK Stack, Prometheus, Grafana, Splunk, or similar, and their integration into DevSecOps pipelines and operations.
- Solid experience with scripting and programming languages including Python, Bash, PowerShell, or similar, and their application to pipeline automation, toolchain integration, and infrastructure management tasks.
- Effective written and oral communication skills in English, with the ability to clearly communicate DevSecOps concepts, pipeline configurations, and technical findings to both technical and non-technical stakeholders.
- Ability to work both independently and collaboratively in a team environment, demonstrating flexibility and responsiveness to changing priorities and requirements in a fast-paced federal IT environment.
- Ability to obtain and maintain a Public Trust clearance as required by the SBA.
- Prior experience supporting DevSecOps implementation and operations at the SBA or a similar federal civilian agency.
- Familiarity with SBA's IT environment, development platforms, and mission areas, including an understanding of the challenges and opportunities associated with implementing DevSecOps within the SBA environment.
- Experience with artifact management and software supply chain security tools and practices including JFrog Artifactory, Nexus Repository, or similar, and their integration into secure software delivery pipelines.
- Knowledge of service mesh technologies such as Istio or Linkerd and their application to securing microservices architectures within a DevSecOps context.
- Familiarity with GitOps practices and tools such as ArgoCD or Flux and their application to automated, auditable infrastructure and application deployments.
- Knowledge of the NIST Secure Software Development Framework (SSDF) and its relevance to DevSecOps implementation in a federal government environment.
- Experience supporting ATO processes and continuous monitoring programs, including contributing to the automation of security control testing and evidence collection within CI/CD pipelines.
- Familiarity with software bill of materials (SBOM) concepts and tools and their relevance to software supply chain security and federal compliance requirements.
- Certified Kubernetes Administrator (CKA), Certified Kubernetes Security Specialist (CKS), AWS Certified DevOps Engineer, Microsoft Certified: DevOps Engineer Expert, or other relevant advanced DevSecOps or cloud certifications.
- Experience with Red Hat OpenShift and its application to container orchestration and DevSecOps practices in federal IT environments.
- Basic familiarity with chaos engineering concepts and tools and their application to improving the resilience and reliability of DevSecOps pipelines and application deployments
- Experience contributing to the development of DevSecOps training materials and delivering technical knowledge-sharing sessions for development and operations team members.
The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at [email protected] or by calling 703-488-9377 to request accommodations.
Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.
Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search