Benefits:
- 401(k) matching
- Competitive salary
- Health insurance
- Paid time off
About this Role:
We are seeking a DevSecOps Engineer with strong federal experience to lead secure CI/CD pipeline design, implementation, and operations—centered on GitLab and modern cloud-native practices. This role will drive security-by-design across the software delivery lifecycle, working closely with development, security, and infrastructure teams to ensure compliant, automated, and repeatable deployments for federal customers.
Key Responsibilities:
CI/CD Pipeline Engineering (GitLab-focused)
• Design, build, and maintain GitLab CI/CD pipelines for multiple applications and services (microservices, APIs, infrastructure-as-code).
• Implement standardized pipeline templates and reusable jobs to support consistent delivery across programs.
• Integrate automated build, test, security scanning, and deployment steps into GitLab pipelines.
• Optimize pipeline performance (caching, parallelization, artifact management) to reduce build and deploy times.
DevSecOps & Automation
• Embed security controls early and continuously in the pipeline (SAST, DAST, SCA, container scanning, IaC scanning).
• Automate compliance checks, policy-as-code, and configuration drift detection.
• Implement and support infrastructure-as-code (IaC) solutions (Terraform, Ansible, CloudFormation, etc.) to provision and manage cloud and on-prem environments.
• Integrate CI/CD with monitoring, logging, and alerting tools to provide full visibility across the delivery pipeline.
Federal Environment & Compliance
• Design and operate pipelines aligned with federal security and compliance requirements (e.g., FISMA, NIST 800-53, FedRAMP, Zero Trust principles).
• Work with ISSOs, AO teams, and security/compliance stakeholders to provide pipeline and environment documentation supporting ATO packages.
• Ensure secure configuration of build agents, runners, secrets management, and artifact repositories in compliance with agency policies.
Collaboration & Technical Leadership
• Partner with development teams to define branching strategies, code review workflows, and release management practices in GitLab.
• Collaborate with cybersecurity teams to respond to vulnerabilities, findings, and audits, and to implement remediations in code and pipelines.
• Provide guidance, documentation, and training to engineers and stakeholders on DevSecOps best practices and GitLab usage.
• Contribute to and enforce standards for coding, configuration management, and deployment processes.
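The scanning, policy-as-code and remediation bullets above all end in the same pipeline step: a gate that reads the scanner reports and fails the job when findings exceed policy. The following is an added example of such a gate, not the employer's or GitLab's code. It assumes the scanner output is a JSON document with a top-level `vulnerabilities` list whose entries carry `id`, `name`, `severity` and `location` (the subset of the GitLab security report format it relies on); the exception-file layout, the `POAM-` ticket names and the sample findings are constructed for the example.

```python
"""Policy-as-code gate over GitLab-style security reports.

Added example, not the employer's code. It reads scanner output JSON
(a top-level "vulnerabilities" list whose entries carry "id", "name",
"severity" and "location"), applies a severity threshold plus a
time-boxed exception list, and returns a verdict the pipeline job can
fail on. The schema subset, the exception-file layout and the sample
findings below are assumptions constructed for this example.
"""
import json
import sys
from datetime import date

# Higher rank = more severe. Anything the scanner could not classify
# is ranked as High so the gate fails closed rather than silently passing.
SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
FAIL_CLOSED_RANK = SEVERITY_RANK["High"]


def load_findings(report_text):
    """Return the findings list from a report; an unreadable report is a
    gate failure (exception), not an empty pass."""
    data = json.loads(report_text)
    if not isinstance(data.get("vulnerabilities"), list):
        raise ValueError("report has no 'vulnerabilities' list")
    return data["vulnerabilities"]


def active_exceptions(exceptions, today):
    """Keep waivers whose expiry has not passed. An expired waiver no
    longer suppresses its finding, which is what a POA&M due date means."""
    return {e["id"]: e for e in exceptions
            if date.fromisoformat(e["expires"]) >= today}


def evaluate(findings, threshold="High", exceptions=(), today=None):
    """Split findings at or above the threshold into blocking and waived."""
    today = today or date.today()
    waivers = active_exceptions(exceptions, today)
    min_rank = SEVERITY_RANK[threshold]
    blocking, waived = [], []
    for f in findings:
        rank = SEVERITY_RANK.get(f.get("severity"), FAIL_CLOSED_RANK)
        if rank < min_rank:
            continue
        (waived if f["id"] in waivers else blocking).append(f)
    return {"passed": not blocking, "blocking": blocking, "waived": waived}


# --- constructed sample input (not real scanner output) -----------------
SAMPLE_REPORT = json.dumps({
    "version": "15.0.0",
    "vulnerabilities": [
        {"id": "v-001", "name": "Hard-coded credential", "severity": "Critical",
         "location": {"file": "app/config.py", "start_line": 12}},
        {"id": "v-002", "name": "TLS 1.0 enabled on listener", "severity": "High",
         "location": {"file": "infra/main.tf", "start_line": 40}},
        {"id": "v-003", "name": "Verbose error page", "severity": "Low",
         "location": {"file": "app/errors.py", "start_line": 8}},
        {"id": "v-004", "name": "Rule with no CVSS data", "severity": "Unknown",
         "location": {"file": "app/util.py", "start_line": 3}},
    ],
})
SAMPLE_EXCEPTIONS = [
    {"id": "v-002", "expires": "2099-01-01", "ticket": "POAM-17"},  # active waiver
    {"id": "v-001", "expires": "2020-01-01", "ticket": "POAM-3"},   # expired waiver
]


def run_sample():
    """Evaluate the sample with a fixed clock so the outcome is reproducible:
    v-001 blocks (waiver expired), v-004 blocks (fail closed), v-002 is
    waived, v-003 is below the threshold."""
    return evaluate(load_findings(SAMPLE_REPORT), "High",
                    SAMPLE_EXCEPTIONS, today=date(2025, 1, 1))


def main(argv):
    """Usage: gate.py THRESHOLD REPORT.json [EXCEPTIONS.json]. Exit 1 on
    blocking findings so the GitLab job, and thus the pipeline, fails."""
    threshold, report_path = argv[1], argv[2]
    exceptions = json.load(open(argv[3])) if len(argv) > 3 else []
    with open(report_path) as fh:
        verdict = evaluate(load_findings(fh.read()), threshold, exceptions)
    for f in verdict["waived"]:
        print(f"WAIVED   {f['id']} {f['severity']:8} {f['name']}")
    for f in verdict["blocking"]:
        loc = f.get("location", {})
        print(f"BLOCKING {f['id']} {f['severity']:8} {f['name']} "
              f"({loc.get('file')}:{loc.get('start_line')})")
    return 0 if verdict["passed"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a pipeline this runs as its own job after the scanning jobs, reading their report artifacts; the exception file lives in the repository under code review, so every waiver has a reviewer, a ticket and an expiry date, which is the evidence an ISSO asks for when a finding is carried on a POA&M rather than fixed.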
Qualifications and Skills:
• 5+ years of hands-on experience in DevOps/DevSecOps roles.
• 3+ years of experience designing and managing GitLab CI/CD pipelines at scale (GitLab SaaS or self-managed).
• Demonstrated experience supporting federal or public sector programs (civilian, DoD, or health agencies) with understanding of federal security expectations.
• Strong experience with:
• CI/CD tools: GitLab CI, runners, GitLab registry.
• Languages / frameworks: at least one of Python, Java, JavaScript/TypeScript, .NET, Go.
• Containers & orchestration: Docker, Kubernetes (EKS/AKS/GKE or on-prem equivalents).
• Infrastructure-as-Code: Terraform and/or Ansible (or equivalent).
• Security tooling: SAST, DAST, SCA, container image scanning, secrets scanning.
• Hands-on experience deploying to cloud environments (AWS, Azure, GCP) and/or federal on-prem/private cloud environments.
• Familiarity with NIST, FedRAMP, Zero Trust, and common federal security control families (access control, configuration management, incident response, audit & accountability).
• Strong scripting and automation skills (Bash, Python, or similar).
• Excellent communication skills with the ability to explain complex technical concepts to non-technical stakeholders.
• Must be a U.S. Citizen and able to obtain a public trust clearance.
Desired Skills and Competencies:
• Prior experience working directly with HHS, NIH, CMS, ACF, DoD, or similar federal agencies.
• Experience supporting ATO processes, security assessments, and remediation of audit findings.
• Hands-on experience integrating GitLab with:
• Issue tracking (Jira, GitLab issues)
• Artifact repositories (GitLab registry, Nexus, Artifactory)
• SIEM / logging platforms (e.g., Splunk, ELK/OpenSearch, CloudWatch, Sentinel).
• Experience implementing Zero Trust aligned architectures for CI/CD and runtime environments.
• Certifications (nice to have, not required):
• DevOps / Cloud: AWS/Azure/GCP Associate or Professional-level, Kubernetes (CKA/CKAD).
• Security: Security+, CISSP, CSSLP, or equivalent.
• GitLab: GitLab Certified Associate / Professional (if applicable).
Additional Information:
What You’ll Do in the First 90 Days
• Assess existing CI/CD pipelines, GitLab projects, and environments for strengths, gaps, and quick wins.
• Establish baseline DevSecOps standards (branching, approvals, scanning, artifact handling, promotions).
• Implement or enhance at least one end-to-end secure CI/CD pipeline for a priority application, including automated security scans and environment provisioning.
• Partner with security and compliance teams to map pipeline controls to NIST/FedRAMP requirements and support ongoing ATO work.
Flexible work from home options available.
About Us
Our Approach
We firmly believe in the uniqueness of every business, necessitating a personalized approach to transformation. This conviction drives us to invest time in comprehending an organization's historical challenges and operational framework. Our commitment is to foster innovation by adopting a tailored strategy that optimizes the utilization of an organization's human resources and data assets. With a wealth of experience, we specialize in guiding organizations through the implementation of post-quantum security, protocols for autonomy, and artificial intelligence.
We are committed to working with clients to positively disrupt, modernize, and transform their organizations and business processes. Noteworthy achievements include initiatives aimed at enhancing human resilience in the food supply chain, leveraging autonomy for streamlined operations, establishing root-of-trust capabilities for high-quality, trusted data, and designing ecosystems and tools for securing and transferring digital value through digital wallets. Our proficiency extends to using artificial intelligence and data to fortify security and enhance visibility in data assets, aiding in the management of health issues at local, state, and national levels. We've developed a modern security posture to effectively mitigate risks associated with cyber attacks from nation-states. Our wealth of experience is underpinned by collaborative work with diverse multidisciplinary teams, thriving in highly complex and rapidly changing environments.
Our Mission
Imagineeer's mission is to empower transformation through the operationalization of intuition. We establish an innovation pipeline, reimagining operations by delving into data analysis to optimize outcomes for our valued customers.
Collaborating closely with our clients, we strive to actualize the inherent genius embedded within their organizational structure. Our efforts focus on the transformation of organizations, emphasizing the development of foundational strengths in key areas, including data, personnel, hypothesis development, and the cultivation of a learning-from-failure mindset.