DevSecOps Engineer
Company: IMAGINEEER LLC
Location: Washington
Posted on: April 3, 2026
Job Description:
About this Role:
We are seeking a DevSecOps Engineer with strong federal experience to lead secure CI/CD pipeline design, implementation, and operations, centered on GitLab and modern cloud-native practices. This role will drive security-by-design across the software delivery lifecycle, working closely with development, security, and infrastructure teams to ensure compliant, automated, and repeatable deployments for federal customers.

Key Responsibilities:

CI/CD Pipeline Engineering (GitLab-focused)
• Design, build, and maintain GitLab CI/CD pipelines for multiple applications and services (microservices, APIs, infrastructure-as-code).
• Implement standardized pipeline templates and reusable jobs to support consistent delivery across programs.
• Integrate automated build, test, security scanning, and deployment steps into GitLab pipelines.
• Optimize pipeline performance (caching, parallelization, artifact management) to reduce build and deploy times.

DevSecOps & Automation
• Embed security controls early and continuously in the pipeline (SAST, DAST, SCA, container scanning, IaC scanning).
• Automate compliance checks, policy-as-code, and configuration drift detection.
• Implement and support infrastructure-as-code (IaC) solutions (Terraform, Ansible, CloudFormation, etc.) to provision and manage cloud and on-prem environments.
• Integrate CI/CD with monitoring, logging, and alerting tools to provide full visibility across the delivery pipeline.

Federal Environment & Compliance
• Design and operate pipelines aligned with federal security and compliance requirements (e.g., FISMA, NIST 800-53, FedRAMP, Zero Trust principles).
• Work with ISSOs, AO teams, and security/compliance stakeholders to provide pipeline and environment documentation supporting ATO packages.
• Ensure secure configuration of build agents, runners, secrets management, and artifact repositories in compliance with agency policies.

Collaboration & Technical Leadership
• Partner with development teams to define branching strategies, code review workflows, and release management practices in GitLab.
• Collaborate with cybersecurity teams to respond to vulnerabilities, findings, and audits, and to implement remediations in code and pipelines.
• Provide guidance, documentation, and training to engineers and stakeholders on DevSecOps best practices and GitLab usage.
• Contribute to and enforce standards for coding, configuration management, and deployment processes.

Qualifications and Skills:
• 5 years of hands-on experience in DevOps/DevSecOps roles.
• 3 years of experience designing and managing GitLab CI/CD pipelines at scale (GitLab SaaS or self-managed).
• Demonstrated experience supporting federal or public sector programs (civilian, DoD, or health agencies) with understanding of federal security expectations.
• Strong experience with:
  • CI/CD tools: GitLab CI, runners, GitLab registry.
  • Languages / frameworks: at least one of Python, Java, JavaScript/TypeScript, .NET, Go.
  • Containers & orchestration: Docker, Kubernetes (EKS/AKS/GKE or on-prem equivalents).
  • Infrastructure-as-Code: Terraform and/or Ansible (or equivalent).
  • Security tooling: SAST, DAST, SCA, container image scanning, secrets scanning.
• Hands-on experience deploying to cloud environments (AWS, Azure, GCP) and/or federal on-prem/private cloud environments.
• Familiarity with NIST, FedRAMP, Zero Trust, and common federal security control families (access control, configuration management, incident response, audit & accountability).
• Strong scripting and automation skills (Bash, Python, or similar).
• Excellent communication skills with the ability to explain complex technical concepts to non-technical stakeholders.
• Must be a U.S. Citizen and able to obtain a public trust clearance.

Desired Skills and Competencies:
• Prior experience working directly with HHS, NIH, CMS, ACF, DoD, or similar federal agencies.
• Experience supporting ATO processes, security assessments, and remediation of audit findings.
• Hands-on experience integrating GitLab with:
  • Issue tracking (Jira, GitLab issues)
  • Artifact repositories (GitLab registry, Nexus, Artifactory)
  • SIEM / logging platforms (e.g., Splunk, ELK/Opensearch, CloudWatch, Sentinel).
• Experience implementing Zero Trust aligned architectures for CI/CD and runtime environments.
• Certifications (nice to have, not required):
  • DevOps / Cloud: AWS/Azure/GCP Associate or Professional-level, Kubernetes (CKA/CKAD).
  • Security: Security, CISSP, CSSLP, or equivalent.
  • GitLab: GitLab Certified Associate / Professional (if applicable).

Additional Information:

What You’ll Do in the First 90 Days
• Assess existing CI/CD pipelines, GitLab projects, and environments for strengths, gaps, and quick wins.
• Establish baseline DevSecOps standards (branching, approvals, scanning, artifact handling, promotions).
• Implement or enhance at least one end-to-end secure CI/CD pipeline for a priority application, including automated security scans and environment provisioning.
• Partner with security and compliance teams to map pipeline controls to NIST/FedRAMP requirements and support ongoing ATO work.

Keywords: IMAGINEEER LLC, Reston, DevSecOps Engineer, IT / Software / Systems, Washington, Virginia