DevSecOps Engineer II at Sev1tech, Inc. – Remote, Virginia

Sev1Tech is looking for a Software Developer with DevSecOps experience with expertise in technologies and capabilities in the areas of design, integration, test and evaluation, deployment, cybersecurity, and maintenance of new software applications.

• Design, Develop, maintain, and secure continuous integration (CI) and continuous delivery (CD) solutions in various orchestrator tooling
• Directly support the analysis, closure, and verification of Security Technical Implementation Guide (STIG) findings
• Design, develop, and implement a scalable and secure DevSecOps infrastructure, including CI/CD pipelines, version control systems, and automated testing frameworks
• Implement automated deployment and configuration management processes and containerization technologies (e.g., Docker, Kubernetes)
• Develop and enforce best practices and standards for code quality, application security, and performance optimization, ensuring adherence to federal guidelines and compliance requirements
• Collaborate with cybersecurity personnel to identify and implement appropriate security controls, automated security scans, and vulnerability assessments throughout the software development lifecycle
• Update software development processes and procedures where necessary
• Support updates to unit and integration tests and pipelines corresponding to software updates
• Assist in establishing, developing, and maintaining the platform and infrastructure environment necessary to host the application for development, test, and stage
• Design, Develop, maintain, and secure OCI-compliant container solutions for Kubernetes environments
• Develop Infrastructure as Code (IaC) to build and configure high performing, scalable, secure cloud-based infrastructure
• Support the deployment of microservices to cloud or on-prem hosted Kubernetes environments
• Support the development of new code, updates, including security updates, and fixes to software applications following the SCRUM software development process

Salary: $100,000 DOE

• B.S. in Computer Science, or similar degree with 3+ years of relevant experience
• Proven experience as a Software Developer, DevOps Engineer, or similar role, preferably in a federal or government contracting environment. Experience in line with the following:
  • CI/CD pipelines to automate application build, test and deployment processes
  • Implementation, Monitoring, Analysis, closure, and verification of Security Technical Implementation Guide (STIG) findings
  • Container orchestration and other container tools such as Kubernetes, OpenShift, Docker, Helm charts
  • Experience withInfrastructure as Code and infrastructure testing strategies (using Terraform)
  • Experience with DevOps Automation platforms for Continuous Integration and Continuous Deployment (CI/CD) like Harness, Jenkins, and Gitlab
  • Experience with Static Application Security Testing (SAST) Tools such as Fortify, SonarQube, and XRAY
  • Experience with Dynamic Application Security Testing (DAST) tools like OWASP ZAP
  • Experience in Site Reliability Engineering (SRE)
  • Experience containerizing applications using OCI-compliant tools (Docker, Buildah, apko, etc).
  • Must possess demonstrated experience withsecuring containerized environments
  • Must be highly proficient withLinux
  • Must be proficient withBash,Python, or similar scripting
  • Experience and understanding of theentire Software Development Lifecycle (SDLC)
  • Strong software development experience working in an Agile Scrum environment
  • Experience with systems reliability, load balancing, monitoring, logging
• Familiarity with Agile/Scrum development methodologies and experience working within an Agile team.
• Excellent communication and collaboration skills, with the ability to effectively interface with technical and non-technical stakeholders.

Security Clearance: Must be able to provide proof of US Citizenship and have or are able to attain a Government Agency Suitability Clearance.

• Prior experience with cyber, information, or application security tools such as:Twistlock/Prism Cloud Compute, SonarQube, Splunk, etc.
• Hands-on programming experience with Groovy, Python, Springboot Java, and Javascript.
• Experience withDevSecOps
• Familiarity with AWS databases, IAM management, and VPC configuration
• Understanding ofEverything as Code