DevSecOps Engineer-Federal CI/CD & GitLab

Job Description

Job DescriptionBenefits:

• 401(k) matching
• Competitive salary
• Health insurance
• Paid time off

About this Role:

We are seeking a DevSecOps Engineer with deep federal experience to design, implement, and operate secure CI/CD pipelines using GitLab across complex, multi-cloud environments. You will work closely with cybersecurity, application development, and infrastructure teams to embed security into every stage of the software delivery life cycle, ensuring compliance with federal standards (FISMA, FedRAMP, NIST 800-53/171, Zero Trust Principles)

Key Responsibilities:

Design and Manage CI/CD pipelines

Architect, implement, and maintain GitLab-based CI/CD pipelines for multiple applications and services.

Automate build, test, security scanning, and deployment workflows across on-prem and cloud (AWS, Azure, GCP) environments.

Optimize pipeline performance, reliability, and traceability to support rapid, secure releases.

Embed Security in the SDLC (DevSecOps)

Integrate SAST, DAST, SCA, container scanning, and laC scanning into GitLab pipelines.

Impement and maintain policy-as-code, security gates, and approvals aligned to Federal cybersecurity and compliance requirements.

Collaborate with security teams to respond to findings, prioritize remediations and continuously improve security posture.

Infrastructure as code and automation

Build and maintain infrastructure as code (laC) using tools such as Terraform, Ansible, Helm, or CloudFormation.

Automate environment provisioning, configuration management, and application deployment.

Contribute to standardized, reusable, pipeline templates and automation toolchains.

Compliance, Governance & Reporting

Align CI/CD and DevSecOps practices with NIST, FISMA, OMB, FedRAMP, and agency-specific policies.

Implement logging, monitoring, and auditing in support of ATO, PoA&M management, and continuous monitoring.

Produce documentation (runbooks, architecture diagrams, SOPs) to support audits and governance.

Partner with developers, product owners, cybersecurity, and operations teams to promote DevSecOps best practices.

Provide technical guidance and knowledge transfer on GitLab CI/CD automation, and secure coding practices.

Participate in incident response and post-incident reviews related to build, deployment, or security pipeline issues.

Qualifications and Skills:

Must be a U.S. citizen and able to obtain a Public Trust

5+ years' experience in DevOps/DevSecOps roles

3+ years working on federal programs or regulated environments, with practical understanding of NIST, FISMA, and FedRAMP requirements.

2+ years building and managing GitLab CI/CD pipelines (or equivalent, with recent GitLab focus).

Strong expertise with GitLab CI/CD (runners, pipelines, triggers, variables, artifacts, environments).

Experience integrating security tools (SAST, DAST, SCA, container scanning) into pipelines.

Hands-on experience with containers and orchestration (Docker, Kubernetes, OpenShift or equivalent).

Proficiency with IaC and automation tools such as Terraform, Ansible, or similar.

Solid knowledge of Linux, Shell scripting, and at least one programming language (Python, Go, or similar).

Familiarity with logging/monitoring tools (e.g. Splunk, CloudWatch, Prometheus, ELK/EFK).

Working knowledge of NIST 800-53/171, Zero Trust Principles, and continuous monitoring.

Experience supporting ATO processes and documenting controls in coordination with ISSOs/ISSMs

Strong communication skills with ability to translate technical topics for non-technical stakeholders and ability to work with cross-functional agile teams.

Desired Skills and Competencies:

Experience in HHS, NIH, CMS, ACF, DoD, or other civilian/defense agencies.

Experience with additional CI/CD tools (GitHub Actions, Jenkins, Azure DevOps) and migrating pipelines into GitLab.

Kubernetes Administrator (CKA) certification.

GIAC Cloud Security Automation (GCSA), CompTIA Security+, or similar.

AWS/Azure/GCP Associate or Professional-Level certifications.

Experience implementing Zero Trust-aligned architectures, especially around Identity, access, and data protection.

Additional Information:

You will drive the modernization of federal systems through secure, automated delivery. Help shape DevSecOps standards, patterns, and templates used across multiple programs. You will work with leaders and engineers passionate about security, automation, and mission impact.

Flexible work from home options available.