DevSecOps - Intermediate
POSITION TITLE: DevSecOps Engineer (Intermediate)
CLEARANCE REQUIREMENT
Must be eligible to obtain a Public Trust Tier 2 clearance or hold an active DoD security clearance
POSITION OVERVIEW
IMRI is seeking a motivated and technically proficient DevSecOps Engineer to support a hybrid cloud environment within a federal program. This role focuses on advancing secure infrastructure automation, enhancing CI/CD pipelines, and integrating security throughout the software delivery lifecycle. The ideal candidate will build upon an established DevSecOps framework—leveraging existing tools, standards, and processes—to improve automation, strengthen security posture, and support scalable, resilient application and infrastructure delivery.
Infrastructure Automation (IaC)
Maintain and enhance infrastructure as code using Terraform and OpenTofu
Develop modular, reusable configurations aligned with existing engineering standards
Manage state files, remote backends, and workspace configurations
Refactor legacy infrastructure code to improve performance, scalability, and maintainability
Execute infrastructure changes through approved change management processes
Configuration Management (CaC)
Develop and maintain Ansible playbooks and roles to automate system configuration and deployment
Support patch management, compliance enforcement, and infrastructure consistency across environments
Adhere to established role structures, variable conventions, and inventory management practices
CI/CD Pipeline Engineering
Build, maintain, and enhance GitHub Actions workflows for automated build, test, and deployment processes
Integrate security controls within pipelines, including:
Static application security testing (SAST)
Dependency and vulnerability scanning
Secrets detection
Policy-as-code validation
Ensure all pipeline changes follow peer review, version control, and approval workflows
Containerization & Orchestration
Support containerized application environments using Docker and Kubernetes
Develop and maintain Dockerfiles aligned with secure image build practices
Manage Kubernetes manifests and Helm charts to support application deployment and orchestration
Assist with cluster operations, including performance monitoring and troubleshooting
Ensure container images are scanned for vulnerabilities prior to deployment
Security Integration & Compliance
Integrate security practices across the development lifecycle (Shift-Left security)
Implement and support security scanning tools, including SAST, secrets scanning, and infrastructure security validation
Enforce infrastructure and container hardening standards aligned with CIS benchmarks and federal security baselines
Support compliance activities aligned with NIST SP 800-53, FISMA, and related frameworks
Produce audit-ready documentation to support assessments and compliance reviews
Collaboration & Engineering Practices
Work closely with cross-functional engineering teams in an Agile/Scrum environment, participating in stand-ups, sprint planning, and technical reviews
Follow established version control, peer review, and change management workflows
Ensure all updates to production systems are properly reviewed and approved through formal processes
Maintain clear and accurate documentation of changes to shared codebases, pipelines, and infrastructure
Key Deliverables
Infrastructure as Code modules and documentation
Ansible playbooks, roles, and execution logs
GitHub Actions workflow configurations and pipeline documentation
Dockerfiles, Kubernetes manifests, and Helm charts
Security scanning configurations and compliance documentation
Change logs and technical documentation supporting audit readiness
REQUIRED QUALIFICATIONS
Hands-on experience with Terraform and/or OpenTofu, including module development and state management
Proficiency with Ansible, including playbooks, roles, and automation workflows
Experience designing and maintaining CI/CD pipelines using GitHub Actions
Working knowledge of Docker and Kubernetes for containerized environments
Familiarity with security tools and practices, including:
SAST tools (e.g., Semgrep, Checkov, tfsec or similar)
Secrets detection tools (e.g., Gitleaks, Detect-Secrets)
Policy-as-code frameworks (e.g., OPA/Rego)
Proficiency with Git-based version control, including branching, pull requests, and protected branch workflows
Experience working within structured change management and documentation processes
PREFERRED QUALIFICATIONS
Experience supporting federal or highly regulated environments
Familiarity with NIST SP 800-53, FISMA, and FedRAMP compliance requirements
Experience working within AWS cloud environments
Familiarity with secrets management solutions such as HashiCorp Vault
Scripting experience in Python and/or Bash