IMAGINEEER LLC

DevSecOps Engineer

IMAGINEEER LLC, Washington, District Of Columbia, United States, 20022


Benefits:

401(k) matching

Competitive salary

Health insurance

Paid time off

About this Role: We are seeking a DevSecOps Engineer with strong federal experience to lead secure CI/CD pipeline design, implementation, and operations, centered on GitLab and modern cloud-native practices. This role will drive security-by-design across the software delivery lifecycle, working closely with development, security, and infrastructure teams to ensure compliant, automated, and repeatable deployments for federal customers.

Key Responsibilities:

CI/CD Pipeline Engineering (GitLab-focused)

Design, build, and maintain GitLab CI/CD pipelines for multiple applications and services (microservices, APIs, infrastructure-as-code).

Implement standardized pipeline templates and reusable jobs to support consistent delivery across programs.

Integrate automated build, test, security scanning, and deployment steps into GitLab pipelines.

Optimize pipeline performance (caching, parallelization, artifact management) to reduce build and deploy times.

DevSecOps & Automation

Embed security controls early and continuously in the pipeline (SAST, DAST, SCA, container scanning, IaC scanning).

Automate compliance checks, policy-as-code, and configuration drift detection.

Implement and support infrastructure-as-code (IaC) solutions (Terraform, Ansible, CloudFormation, etc.) to provision and manage cloud and on-prem environments.

Integrate CI/CD with monitoring, logging, and alerting tools to provide full visibility across the delivery pipeline.

Federal Environment & Compliance

Design and operate pipelines aligned with federal security and compliance requirements (e.g., FISMA, NIST 800‑53, FedRAMP, Zero Trust principles).

Work with ISSOs, AO teams, and security/compliance stakeholders to provide pipeline and environment documentation supporting ATO packages.

Ensure secure configuration of build agents, runners, secrets management, and artifact repositories in compliance with agency policies.

Collaboration & Technical Leadership

Partner with development teams to define branching strategies, code review workflows, and release management practices in GitLab.

Collaborate with cybersecurity teams to respond to vulnerabilities, findings, and audits, and to implement remediations in code and pipelines.

Provide guidance, documentation, and training to engineers and stakeholders on DevSecOps best practices and GitLab usage.

Contribute to and enforce standards for coding, configuration management, and deployment processes.

Qualifications and Skills:

5+ years of hands‑on experience in DevOps/DevSecOps roles.

3+ years of experience designing and managing GitLab CI/CD pipelines at scale (GitLab SaaS or self‑managed).

Demonstrated experience supporting federal or public sector programs (civilian, DoD, or health agencies) with understanding of federal security expectations.

Strong experience with:

CI/CD tools: GitLab CI, runners, GitLab registry.

Languages / frameworks: at least one of Python, Java, JavaScript/TypeScript, .NET, Go.

Containers & orchestration: Docker, Kubernetes (EKS/AKS/GKE or on‑prem equivalents).

Infrastructure-as-Code: Terraform and/or Ansible (or equivalent).

Security tooling: SAST, DAST, SCA, container image scanning, secrets scanning.

Hands‑on experience deploying to cloud environments (AWS, Azure, GCP) and/or federal on‑prem/private cloud environments.

Familiarity with NIST, FedRAMP, Zero Trust, and common federal security control families (access control, configuration management, incident response, audit & accountability).

Strong scripting and automation skills (Bash, Python, or similar).

Excellent communication skills with the ability to explain complex technical concepts to non‑technical stakeholders.

Must be a U.S. Citizen and able to obtain a public trust clearance.

Desired Skills and Competencies:

Prior experience working directly with HHS, NIH, CMS, ACF, DoD, or similar federal agencies.

Experience supporting ATO processes, security assessments, and remediation of audit findings.

Hands‑on experience integrating GitLab with:

Issue tracking (Jira, GitLab issues)

Artifact repositories (GitLab registry, Nexus, Artifactory)

SIEM / logging platforms (e.g., Splunk, ELK/OpenSearch, CloudWatch, Sentinel)

Experience implementing Zero Trust aligned architectures for CI/CD and runtime environments.

Certifications (nice to have, not required):

DevOps / Cloud: AWS/Azure/GCP Associate or Professional‑level, Kubernetes (CKA/CKAD).

Security: Security+, CISSP, CSSLP, or equivalent.

GitLab: GitLab Certified Associate / Professional (if applicable).

Additional Information: What You’ll Do in the First 90 Days

Assess existing CI/CD pipelines, GitLab projects, and environments for strengths, gaps, and quick wins.

Establish baseline DevSecOps standards (branching, approvals, scanning, artifact handling, promotions).

Implement or enhance at least one end‑to‑end secure CI/CD pipeline for a priority application, including automated security scans and environment provisioning.

Partner with security and compliance teams to map pipeline controls to NIST/FedRAMP requirements and support ongoing ATO work.

Flexible work from home options available.
