{"schemaVersion":"jobsearcher.job.v1","id":"ce3fdf35f22434480000d54e","url":"https://jobsearcher.com/jobs/ce3fdf35f22434480000d54e","canonicalUrl":"https://jobsearcher.com/jobs/ce3fdf35f22434480000d54e","title":"DevSecOps Engineer","description":"If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process.\n\nFull Time Washington, DC, US\n\n4 days ago Requisition ID: 1315\n\nPosition Summary\nSofttek Government Solutions (SGS) is seeking a Mid-Level DevSecOps Engineer to support the Congressional Budget Office (CBO) DevSecOps Engineering Services task order. CBO maintains a hybrid cloud infrastructure environment supported by established DevSecOps practices, security baselines, and federal compliance frameworks; this role augments existing engineering staff to extend and mature CBO's infrastructure automation, CI/CD pipeline capabilities, container orchestration, and security-hardened delivery practices.\n\nThe engineer integrates seamlessly with CBO's engineering team, inherits existing patterns and standards rather than designing from scratch, and incrementally enhances capabilities within an active production environment. Work spans Infrastructure as Code (Terraform/OpenTofu), Configuration as Code (Ansible), CI/CD pipeline development (GitHub Actions), container build and orchestration (Docker/Kubernetes), and security integration/compliance hardening — all performed within CBO's established version control, change management, and peer review workflows.\n\nResponsibilities\n\nInfrastructure as Code (IaC) — Terraform / OpenTofu: Maintain, extend, and improve existing Terraform/OpenTofu codebases used to provision and manage cloud and hybrid infrastructure, including modular/reusable configurations, state/remote backend management, plan/apply workflows within change control, and refactoring legacy configurations; do not introduce new tooling without prior CBO IRM approval.\n\nConfiguration as Code (CaC) — Ansible: Develop and maintain Ansible playbooks and roles to automate system configuration, compliance enforcement, patch management, and application deployment; adhere to CBO role structure, variable conventions, and inventory management standards.\n\nCI/CD Pipeline Development — GitHub Actions: Build, maintain, and improve GitHub Actions workflows to automate build/test/security scanning/deployment; incorporate security gates including SAST, dependency scanning, secrets detection, and policy-as-code validation; ensure peer review and compliance with CBO branching/approval standards for workflow changes.\n\nContainer Management — Docker and Kubernetes: Support containerized delivery using Docker for builds and Kubernetes for orchestration, including hardened Dockerfiles, Kubernetes manifests and Helm charts, namespace/RBAC configuration, and cluster health monitoring/troubleshooting; scan container images for vulnerabilities prior to deployment.\n\nSecurity Integration and Compliance Hardening: Integrate shift-left security across the SDLC, including SAST/DAST integration into pipelines, enforcing CIS benchmarks and CBO baselines for infrastructure/containers, supporting NIST SP 800-53 and FISMA compliance needs, and producing documentation for audits and assessments.\n\nQualifications\n\nMust be a US Citizen\n\nHands‑on experience with Terraform and OpenTofu, including module development, remote state management, and workspace management.\n\nProficiency with Ansible playbook/role development, dynamic inventories, and Ansible Vault for secrets management.\n\nDemonstrated experience designing and maintaining GitHub Actions workflows, including reusable workflows, matrix builds, and security gate integration.\n\nWorking knowledge of Docker image authoring/hardening, Kubernetes/Helm chart management, and container scanning tools (Trivy, Grype, or equivalent).\n\nFamiliarity with SAST tools (Semgrep, Checkov, tfsec), secrets scanning (Gitleaks, Detect‑Secrets), and policy-as-code frameworks (OPA/Rego).\n\nProficiency with Git-based workflows — branching strategies, pull request reviews, and protected branch enforcement.\n\nPreferred: federal/regulated environment experience, NIST SP 800-53/FISMA/FedRAMP familiarity, AWS, HashiCorp Vault, and Python/Bash scripting.\n\nPreferred Qualifications\n\nExperience in a federal or highly regulated environment.\n\nFamiliarity with NIST SP 800-53, FISMA, and FedRAMP compliance requirements.\n\nCloud platform experience (AWS).\n\nExperience with secrets management tools (e.g., HashiCorp Vault).\n\nScripting proficiency in Python and Bash.\n\nRequired Clearance\n\nEligible for Public Trust Tier 2 suitability determination\n\nAbout Softtek Government Solutions\nSofttek Government Solutions is a professional services firm focused on addressing our nation’s most complex threats and challenges. As a small business we’re committed to supporting our clients’ missions with services delivered by our diverse and experienced staff. With expertise in cybersecurity, emergency preparedness, and public health, our experience base spans federal, state, and local governments, as well as private sector entities.\n\nSofttek Government Solutions encourages collaborative communication and ongoing learning. Some of our benefits include:\n\nExtensive training programs\n\nGym membership reimbursement\n\nGenerous paid time off and much more!\n\nSofttek Government Solutions is an Equal Opportunity Employer (EOE)\n\n#J-18808-Ljbffr","company":"Aveshka","rawCompany":"aveshka","city":"Washington","state":"DC","isRemote":false,"isActive":false,"createdAt":"2026-06-22T03:15:42.575Z","occupations":[{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"},{"code":"15-1252.00","title":"Software Developers","slug":"software-developers"},{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"DevSecOps Engineer","description":"If you are unable to complete this application due to a disability, contact this employer to ask for an accommodation or an alternative application process.\n\nFull Time Washington, DC, US\n\n4 days ago Requisition ID: 1315\n\nPosition Summary\nSofttek Government Solutions (SGS) is seeking a Mid-Level DevSecOps Engineer to support the Congressional Budget Office (CBO) DevSecOps Engineering Services task order. CBO maintains a hybrid cloud infrastructure environment supported by established DevSecOps practices, security baselines, and federal compliance frameworks; this role augments existing engineering staff to extend and mature CBO's infrastructure automation, CI/CD pipeline capabilities, container orchestration, and security-hardened delivery practices.\n\nThe engineer integrates seamlessly with CBO's engineering team, inherits existing patterns and standards rather than designing from scratch, and incrementally enhances capabilities within an active production environment. Work spans Infrastructure as Code (Terraform/OpenTofu), Configuration as Code (Ansible), CI/CD pipeline development (GitHub Actions), container build and orchestration (Docker/Kubernetes), and security integration/compliance hardening — all performed within CBO's established version control, change management, and peer review workflows.\n\nResponsibilities\n\nInfrastructure as Code (IaC) — Terraform / OpenTofu: Maintain, extend, and improve existing Terraform/OpenTofu codebases used to provision and manage cloud and hybrid infrastructure, including modular/reusable configurations, state/remote backend management, plan/apply workflows within change control, and refactoring legacy configurations; do not introduce new tooling without prior CBO IRM approval.\n\nConfiguration as Code (CaC) — Ansible: Develop and maintain Ansible playbooks and roles to automate system configuration, compliance enforcement, patch management, and application deployment; adhere to CBO role structure, variable conventions, and inventory management standards.\n\nCI/CD Pipeline Development — GitHub Actions: Build, maintain, and improve GitHub Actions workflows to automate build/test/security scanning/deployment; incorporate security gates including SAST, dependency scanning, secrets detection, and policy-as-code validation; ensure peer review and compliance with CBO branching/approval standards for workflow changes.\n\nContainer Management — Docker and Kubernetes: Support containerized delivery using Docker for builds and Kubernetes for orchestration, including hardened Dockerfiles, Kubernetes manifests and Helm charts, namespace/RBAC configuration, and cluster health monitoring/troubleshooting; scan container images for vulnerabilities prior to deployment.\n\nSecurity Integration and Compliance Hardening: Integrate shift-left security across the SDLC, including SAST/DAST integration into pipelines, enforcing CIS benchmarks and CBO baselines for infrastructure/containers, supporting NIST SP 800-53 and FISMA compliance needs, and producing documentation for audits and assessments.\n\nQualifications\n\nMust be a US Citizen\n\nHands‑on experience with Terraform and OpenTofu, including module development, remote state management, and workspace management.\n\nProficiency with Ansible playbook/role development, dynamic inventories, and Ansible Vault for secrets management.\n\nDemonstrated experience designing and maintaining GitHub Actions workflows, including reusable workflows, matrix builds, and security gate integration.\n\nWorking knowledge of Docker image authoring/hardening, Kubernetes/Helm chart management, and container scanning tools (Trivy, Grype, or equivalent).\n\nFamiliarity with SAST tools (Semgrep, Checkov, tfsec), secrets scanning (Gitleaks, Detect‑Secrets), and policy-as-code frameworks (OPA/Rego).\n\nProficiency with Git-based workflows — branching strategies, pull request reviews, and protected branch enforcement.\n\nPreferred: federal/regulated environment experience, NIST SP 800-53/FISMA/FedRAMP familiarity, AWS, HashiCorp Vault, and Python/Bash scripting.\n\nPreferred Qualifications\n\nExperience in a federal or highly regulated environment.\n\nFamiliarity with NIST SP 800-53, FISMA, and FedRAMP compliance requirements.\n\nCloud platform experience (AWS).\n\nExperience with secrets management tools (e.g., HashiCorp Vault).\n\nScripting proficiency in Python and Bash.\n\nRequired Clearance\n\nEligible for Public Trust Tier 2 suitability determination\n\nAbout Softtek Government Solutions\nSofttek Government Solutions is a professional services firm focused on addressing our nation’s most complex threats and challenges. As a small business we’re committed to supporting our clients’ missions with services delivered by our diverse and experienced staff. With expertise in cybersecurity, emergency preparedness, and public health, our experience base spans federal, state, and local governments, as well as private sector entities.\n\nSofttek Government Solutions encourages collaborative communication and ongoing learning. Some of our benefits include:\n\nExtensive training programs\n\nGym membership reimbursement\n\nGenerous paid time off and much more!\n\nSofttek Government Solutions is an Equal Opportunity Employer (EOE)\n\n#J-18808-Ljbffr","datePosted":"2026-06-22T03:15:42.575Z","dateModified":"2026-06-22T03:15:42.575Z","hiringOrganization":{"@type":"Organization","name":"Aveshka","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Washington","addressRegion":"DC","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"ce3fdf35f22434480000d54e"},"url":"https://jobsearcher.com/jobs/ce3fdf35f22434480000d54e"}}