DevSecOps Engineer

Overview Edgewater Federal Solutions is seeking a DevSecOps Engineer to support a hybrid cloud infrastructure environment backed by established DevSecOps practices, security baselines, and federal compliance frameworks. The engineer will augment existing engineering staff and expand upon established infrastructure automation, CI/CD pipeline capabilities, container orchestration, and security-hardened delivery practices. The objective is to extend and mature existing infrastructure automation and secure software delivery capabilities. The engineer will not be expected to design from scratch; rather, the engineer will inherit existing patterns, adhere to engineering standards, and incrementally enhance capabilities within an active production environment. Responsibilities Infrastructure as Code (Terraform/OpenTofu): Maintain and enhance existing Terraform and OpenTofu environments, develop reusable infrastructure modules, manage state files and remote backends, execute infrastructure deployments through approved change control processes, and refactor legacy infrastructure code to current standards. Configuration as Code (Ansible): Develop and maintain Ansible playbooks and roles, automate server configuration and application deployment, support patch management and compliance enforcement, and maintain inventory and configuration documentation. CI/CD Engineering (GitHub Actions): Develop and maintain GitHub Actions workflows, automate build, test, security scanning, and deployment processes, implement SAST, dependency scanning, secrets detection, and policy-as-code controls, and support code review and release management processes. Containerization & Kubernetes: Develop and maintain Dockerfiles, support Kubernetes deployments and orchestration, manage manifests, Helm charts, namespaces, and RBAC configurations, perform container vulnerability scanning and remediation, and support cluster monitoring and troubleshooting. Security Integration & Compliance: Integrate security controls throughout CI/CD pipelines, support vulnerability management and remediation efforts, assist with compliance, audit, and security assessment activities, and maintain technical documentation and operational runbooks. Qualifications Clearance U.S. Citizenship or Permanent Residence Status Public Trust Tier 2 background investigation FBI criminal checks and fingerprinting Education: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related discipline (or equivalent experience) Experience: 5+ years of DevSecOps, Cloud Engineering, or Infrastructure Automation experience Required Skills: Infrastructure as Code: Hands-on experience with Terraform and OpenTofu, including module development, remote state management, and workspace management Configuration as Code: Proficiency with Ansible, including playbook and role development, dynamic inventories, and Ansible Vault for secrets management CI/CD: Demonstrated experience designing and maintaining GitHub Actions workflows, including reusable workflows, matrix builds, and security gate integration Containers: Working knowledge of Docker image authoring and hardening, Kubernetes manifest and Helm chart management, and container security scanning tools (e.g., Trivy, Grype, or equivalent) Security Integration: Familiarity with SAST tools (e.g., Semgrep, Checkov, tfsec), secrets scanning (e.g., Gitleaks, Detect-Secrets), and policy-as-code frameworks (e.g., OPA/Rego) Version Control: Proficiency with Git-based workflows including branching strategies, pull request reviews, and protected branch enforcement Required Tool Knowledge: Terraform/OpenTofu Ansible GitHub Actions Docker Kubernetes Git-based development workflows SAST tools Secrets scanning Policy-as-code frameworks DAST tools AWS Python and/or Bash Preferred Skills: Experience in a federal or highly regulated environment Familiarity with NIST SP 800-53, FISMA, and FedRAMP compliance requirements Cloud platform experience (AWS) Experience with secrets management tools (e.g., HashiCorp Vault) Scripting proficiency in Python and Bash Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee may be regularly required to stand, sit, talk, hear, reach, stoop, kneel, and use hands and fingers to operate a computer, telephone, keyboard, and standard office equipment Specific vision abilities required by this job include close vision requirements due to computer workThe employee must occasionally lift and/or move up to 15 pounds Fine hand manipulation (keyboarding) Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Exposure to general office conditions while conducting office duties Moderate noise (i.e., business office with computers, phone, and printers, light traffic) Ability to work in a confined area Ability to sit at a computer terminal for an extended period Edgewater Federal Solutions is an Equal Opportunity Employer. It has been and continues to be our policy to provide equal employment to all employees and applicants for employment without regard to race, color, religion, gender, national origin, age, disability, marital status, veteran status and/or other status protected by applicable law. #J-18808-Ljbffr