{"schemaVersion":"jobsearcher.job.v1","id":"ff34fa74eaf9bc751c5782c1","url":"https://jobsearcher.com/jobs/ff34fa74eaf9bc751c5782c1","canonicalUrl":"https://jobsearcher.com/jobs/ff34fa74eaf9bc751c5782c1","title":"DevSecOps - Intermediate","description":"POSITION TITLE: DevSecOps Engineer (Intermediate)\nCLEARANCE REQUIREMENT\nMust be eligible to obtain a Public Trust Tier 2 clearance or hold an active DoD security clearance\n\nPOSITION OVERVIEW\nIMRI is seeking a motivated and technically proficient DevSecOps Engineer to support a hybrid cloud environment within a federal program. This role focuses on advancing secure infrastructure automation, enhancing CI/CD pipelines, and integrating security throughout the software delivery lifecycle. The ideal candidate will build upon an established DevSecOps framework—leveraging existing tools, standards, and processes—to improve automation, strengthen security posture, and support scalable, resilient application and infrastructure delivery.\n\nInfrastructure Automation (IaC)\n\nMaintain and enhance infrastructure as code using Terraform and OpenTofu\n\nDevelop modular, reusable configurations aligned with existing engineering standards\n\nManage state files, remote backends, and workspace configurations\n\nRefactor legacy infrastructure code to improve performance, scalability, and maintainability\n\nExecute infrastructure changes through approved change management processes\n\nConfiguration Management (CaC)\n\nDevelop and maintain Ansible playbooks and roles to automate system configuration and deployment\n\nSupport patch management, compliance enforcement, and infrastructure consistency across environments\n\nAdhere to established role structures, variable conventions, and inventory management practices\n\nCI/CD Pipeline Engineering\n\nBuild, maintain, and enhance GitHub Actions workflows for automated build, test, and deployment processes\n\nIntegrate security controls within pipelines, including:\n\nStatic application security testing (SAST)\n\nDependency and vulnerability scanning\n\nSecrets detection\n\nPolicy-as-code validation\n\nEnsure all pipeline changes follow peer review, version control, and approval workflows\n\nContainerization & Orchestration\n\nSupport containerized application environments using Docker and Kubernetes\n\nDevelop and maintain Dockerfiles aligned with secure image build practices\n\nManage Kubernetes manifests and Helm charts to support application deployment and orchestration\n\nAssist with cluster operations, including performance monitoring and troubleshooting\n\nEnsure container images are scanned for vulnerabilities prior to deployment\n\nSecurity Integration & Compliance\n\nIntegrate security practices across the development lifecycle (Shift-Left security)\n\nImplement and support security scanning tools, including SAST, secrets scanning, and infrastructure security validation\n\nEnforce infrastructure and container hardening standards aligned with CIS benchmarks and federal security baselines\n\nSupport compliance activities aligned with NIST SP 800-53 , FISMA , and related frameworks\n\nProduce audit-ready documentation to support assessments and compliance reviews\n\nCollaboration & Engineering Practices\n\nWork closely with cross-functional engineering teams in an Agile/Scrum environment , participating in stand-ups, sprint planning, and technical reviews\n\nFollow established version control, peer review, and change management workflows\n\nEnsure all updates to production systems are properly reviewed and approved through formal processes\n\nMaintain clear and accurate documentation of changes to shared codebases, pipelines, and infrastructure\n\nKey Deliverables\n\nInfrastructure as Code modules and documentation\n\nAnsible playbooks, roles, and execution logs\n\nGitHub Actions workflow configurations and pipeline documentation\n\nDockerfiles, Kubernetes manifests, and Helm charts\n\nSecurity scanning configurations and compliance documentation\n\nChange logs and technical documentation supporting audit readiness\n\nREQUIRED QUALIFICATIONS\n\nHands-on experience with Terraform and/or OpenTofu , including module development and state management\n\nProficiency with Ansible , including playbooks, roles, and automation workflows\n\nExperience designing and maintaining CI/CD pipelines using GitHub Actions\n\nWorking knowledge of Docker and Kubernetes for containerized environments\n\nFamiliarity with security tools and practices, including:\n\nSAST tools (e.g., Semgrep, Checkov, tfsec or similar)\n\nSecrets detection tools (e.g., Gitleaks, Detect-Secrets)\n\nPolicy-as-code frameworks (e.g., OPA/Rego)\n\nProficiency with Git-based version control , including branching, pull requests, and protected branch workflows\n\nExperience working within structured change management and documentation processes\n\nPREFERRED QUALIFICATIONS\n\nExperience supporting federal or highly regulated environments\n\nFamiliarity with NIST SP 800-53 , FISMA , and FedRAMP compliance requirements\n\nExperience working within AWS cloud environments\n\nFamiliarity with secrets management solutions such as HashiCorp Vault\n\nScripting experience in Python and/or Bash\n\n#J-18808-Ljbffr","company":"Information Management Resources","rawCompany":"information management resources","city":"Ashburn","state":"VA","isRemote":false,"isActive":true,"createdAt":"2026-06-23T03:27:44.516Z","occupations":[{"code":"15-1299.08","title":"Computer Systems Engineers/Architects","slug":"computer-systems-engineers-architects"},{"code":"15-1252.00","title":"Software Developers","slug":"software-developers"},{"code":"15-1299.05","title":"Information Security Engineers","slug":"information-security-engineers"}],"industries":[{"code":"541512","title":"Computer Systems Design Services","slug":"computer-systems-design-services"},{"code":"541511","title":"Custom Computer Programming Services","slug":"custom-computer-programming-services"},{"code":"513210","title":"Software Publishers","slug":"software-publishers"}],"jobPosting":{"@context":"https://schema.org","@type":"JobPosting","title":"DevSecOps - Intermediate","description":"POSITION TITLE: DevSecOps Engineer (Intermediate)\nCLEARANCE REQUIREMENT\nMust be eligible to obtain a Public Trust Tier 2 clearance or hold an active DoD security clearance\n\nPOSITION OVERVIEW\nIMRI is seeking a motivated and technically proficient DevSecOps Engineer to support a hybrid cloud environment within a federal program. This role focuses on advancing secure infrastructure automation, enhancing CI/CD pipelines, and integrating security throughout the software delivery lifecycle. The ideal candidate will build upon an established DevSecOps framework—leveraging existing tools, standards, and processes—to improve automation, strengthen security posture, and support scalable, resilient application and infrastructure delivery.\n\nInfrastructure Automation (IaC)\n\nMaintain and enhance infrastructure as code using Terraform and OpenTofu\n\nDevelop modular, reusable configurations aligned with existing engineering standards\n\nManage state files, remote backends, and workspace configurations\n\nRefactor legacy infrastructure code to improve performance, scalability, and maintainability\n\nExecute infrastructure changes through approved change management processes\n\nConfiguration Management (CaC)\n\nDevelop and maintain Ansible playbooks and roles to automate system configuration and deployment\n\nSupport patch management, compliance enforcement, and infrastructure consistency across environments\n\nAdhere to established role structures, variable conventions, and inventory management practices\n\nCI/CD Pipeline Engineering\n\nBuild, maintain, and enhance GitHub Actions workflows for automated build, test, and deployment processes\n\nIntegrate security controls within pipelines, including:\n\nStatic application security testing (SAST)\n\nDependency and vulnerability scanning\n\nSecrets detection\n\nPolicy-as-code validation\n\nEnsure all pipeline changes follow peer review, version control, and approval workflows\n\nContainerization & Orchestration\n\nSupport containerized application environments using Docker and Kubernetes\n\nDevelop and maintain Dockerfiles aligned with secure image build practices\n\nManage Kubernetes manifests and Helm charts to support application deployment and orchestration\n\nAssist with cluster operations, including performance monitoring and troubleshooting\n\nEnsure container images are scanned for vulnerabilities prior to deployment\n\nSecurity Integration & Compliance\n\nIntegrate security practices across the development lifecycle (Shift-Left security)\n\nImplement and support security scanning tools, including SAST, secrets scanning, and infrastructure security validation\n\nEnforce infrastructure and container hardening standards aligned with CIS benchmarks and federal security baselines\n\nSupport compliance activities aligned with NIST SP 800-53 , FISMA , and related frameworks\n\nProduce audit-ready documentation to support assessments and compliance reviews\n\nCollaboration & Engineering Practices\n\nWork closely with cross-functional engineering teams in an Agile/Scrum environment , participating in stand-ups, sprint planning, and technical reviews\n\nFollow established version control, peer review, and change management workflows\n\nEnsure all updates to production systems are properly reviewed and approved through formal processes\n\nMaintain clear and accurate documentation of changes to shared codebases, pipelines, and infrastructure\n\nKey Deliverables\n\nInfrastructure as Code modules and documentation\n\nAnsible playbooks, roles, and execution logs\n\nGitHub Actions workflow configurations and pipeline documentation\n\nDockerfiles, Kubernetes manifests, and Helm charts\n\nSecurity scanning configurations and compliance documentation\n\nChange logs and technical documentation supporting audit readiness\n\nREQUIRED QUALIFICATIONS\n\nHands-on experience with Terraform and/or OpenTofu , including module development and state management\n\nProficiency with Ansible , including playbooks, roles, and automation workflows\n\nExperience designing and maintaining CI/CD pipelines using GitHub Actions\n\nWorking knowledge of Docker and Kubernetes for containerized environments\n\nFamiliarity with security tools and practices, including:\n\nSAST tools (e.g., Semgrep, Checkov, tfsec or similar)\n\nSecrets detection tools (e.g., Gitleaks, Detect-Secrets)\n\nPolicy-as-code frameworks (e.g., OPA/Rego)\n\nProficiency with Git-based version control , including branching, pull requests, and protected branch workflows\n\nExperience working within structured change management and documentation processes\n\nPREFERRED QUALIFICATIONS\n\nExperience supporting federal or highly regulated environments\n\nFamiliarity with NIST SP 800-53 , FISMA , and FedRAMP compliance requirements\n\nExperience working within AWS cloud environments\n\nFamiliarity with secrets management solutions such as HashiCorp Vault\n\nScripting experience in Python and/or Bash\n\n#J-18808-Ljbffr","datePosted":"2026-06-23T03:27:44.516Z","dateModified":"2026-06-23T03:27:44.516Z","hiringOrganization":{"@type":"Organization","name":"Information Management Resources","sameAs":"https://jobsearcher.com"},"jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Ashburn","addressRegion":"VA","addressCountry":"US"}},"identifier":{"@type":"PropertyValue","name":"JobSearcher","value":"ff34fa74eaf9bc751c5782c1"},"url":"https://jobsearcher.com/jobs/ff34fa74eaf9bc751c5782c1"}}