SME DevSecOps Engineer

GovCIO is currently hiring a DevSecOps Engineer with an active Secret clearance to define, develop, and deploy cloud hosting and pipeline infrastructure to automate the software development lifecycle for a Government IT contract. This position will be located in Fairfax, VA and will be a hybrid position.

The DevSecOps Engineer defines, develops, and deploys cloud hosting and pipeline infrastructure to automate the software development lifecycle. This role designs and implements privacy and security best practices across all pipeline stages, ensuring that continuous integration, testing, and deployment are executed securely and efficiently. The engineer leads development teams in applying security gates, automated builds, and testing within the pipeline and resolves architectural or operational issues affecting the pipeline or cloud‑hosting environment.

Bachelor's with 12+ years (or commensurate experience)

Active Secret clearance with ability to obtain and hold DEA suitability

Required Skills and Experience

• Strong proficiency with AWS services used in modern DevSecOps platforms, including IAM, ECS/EKS, Lambda, EC2, S3, CloudWatch, CloudTrail, KMS, Secrets Manager, and VPC‑level security controls.
• Hands‑on experience designing, building, and maintaining enterprise‑grade CI/CD pipelines using GitHub Actions or other YAML‑based automation frameworks.
• Expertise in infrastructure‑as‑code using Terraform, CloudFormation, or CDK, including modular design, environment provisioning, and enforcing configuration baselines.
• Strong understanding of containerization technologies such as Docker and Kubernetes, including image hardening, policy enforcement, admission controls, network policies, and automated image scanning.
• Experience implementing DevSecOps security controls such as SAST, SCA, IaC scanning, dependency validation, secrets detection, and supply‑chain protection within the CI/CD pipeline.
• Experience with cloud‑native networking, load balancers, service mesh, and secure service‑to‑service communication patterns.
• Proficiency in setting up automated test frameworks (unit, integration, API, smoke, regression) and incorporating them into the pipeline.
• Familiarity with logging, monitoring, and observability stacks such as ELK/OpenSearch, Prometheus/Grafana, AWS CloudWatch, or Datadog.
• Experience with automated deployment strategies, including blue/green, canary, and rolling deployments.
• Strong knowledge of Linux fundamentals, shell scripting, and troubleshooting distributed cloud systems.
• Experience implementing Zero Trust‑aligned security principles (least privilege, identity‑centric access, secrets management, configuration hardening) within DevSecOps workflows.
• Ability to diagnose and resolve performance, build, deployment, and pipeline reliability issues across multiple environments.
• Experience supporting or collaborating with development, cloud engineering, cybersecurity, and operations teams in an Agile environment.
• Excellent documentation skills for pipeline designs, runbooks, IaC modules, architecture diagrams, and operational procedures.