imagineeer · 1 month ago
DevSecOps Engineer - Federal CI/CD & GitLab
Imagineeer is seeking a DevSecOps Engineer with deep federal experience to design, implement, and operate secure CI/CD pipelines using GitLab across complex, multi-cloud environments. The role involves collaborating with various teams to embed security into the software delivery life cycle and ensuring compliance with federal standards.
Computer Software
Responsibilities
Design and Manage CI/CD pipelines
Architect, implement, and maintain GitLab-based CI/CD pipelines for multiple applications and services
Automate build, test, security scanning, and deployment workflows across on-prem and cloud (AWS, Azure, GCP) environments
Optimize pipeline performance, reliability, and traceability to support rapid, secure releases
Embed Security in the SDLC (DevSecOps)
Integrate SAST, DAST, SCA, container scanning, and IaC scanning into GitLab pipelines
Implement and maintain policy-as-code, security gates, and approvals aligned to Federal cybersecurity and compliance requirements
Collaborate with security teams to respond to findings, prioritize remediations and continuously improve security posture
Infrastructure as code and automation
Build and maintain infrastructure as code (IaC) using tools such as Terraform, Ansible, Helm, or CloudFormation
Automate environment provisioning, configuration management, and application deployment
Contribute to standardized, reusable, pipeline templates and automation toolchains
Compliance, Governance & Reporting
Align CI/CD and DevSecOps practices with NIST, FISMA, OMB, FedRAMP, and agency-specific policies
Implement logging, monitoring, and auditing in support of ATO, PoA&M management, and continuous monitoring
Produce documentation (runbooks, architecture diagrams, SOPs) to support audits and governance
Partner with developers, product owners, cybersecurity, and operations teams to promote DevSecOps best practices
Provide technical guidance and knowledge transfer on GitLab CI/CD automation and secure coding practices
Participate in incident response and post-incident reviews related to build, deployment, or security pipeline issues
Qualification
Required
Must be a U.S. citizen and able to obtain a Public Trust
5+ years' experience in DevOps/DevSecOps roles
3+ years' working on federal programs or regulated environments, with practical understanding of NIST, FISMA, and FedRAMP requirements
2+ years' building and managing GitLab CI/CD pipelines (or equivalent, with recent GitLab focus)
Strong expertise with GitLab CI/CD (runners, pipelines, triggers, variables, artifacts, environments)
Experience integrating security tools (SAST, DAST, SCA, container scanning) into pipelines
Hands-on experience with containers and orchestration (Docker, Kubernetes, OpenShift or equivalent)
Proficiency with IaC and automation tools such as Terraform, Ansible, or similar
Solid knowledge of Linux, Shell scripting, and at least one programming language (Python, Go, or similar)
Familiarity with logging/monitoring tools (e.g. Splunk, CloudWatch, Prometheus, ELK/EFK)
Working knowledge of NIST 800-53/171, Zero Trust Principles, and continuous monitoring
Experience supporting ATO processes and documenting controls in coordination with ISSOs/ISSMs
Strong communication skills with ability to translate technical topics for non-technical stakeholders and ability to work with cross-functional agile teams
Preferred
Experience in HHS, NIH, CMS, ACF, DoD, or other civilian/defense agencies
Experience with additional CI/CD tools (GitHub Actions, Jenkins, Azure DevOps) and migrating pipelines into GitLab
Kubernetes Administrator (CKA) certification
GIAC Cloud Security Automation (GCSA), CompTIA Security+, or similar
AWS/Azure/GCP Associate or Professional-Level certifications
Experience implementing Zero Trust-aligned architectures, especially around Identity, access, and data protection
Benefits
401(k) matching
Competitive salary
Health insurance
Paid time off
Company
imagineeer
We engage, empower, enable, and imagine a future where the patient, consumer, customer, and business is the center of everything you do.
Funding
Current Stage
Early Stage