IntelliTechRemote
Senior DevSecOps Engineer
United States of America
Full Time
1 day ago
$150,000 - $200,000 USD
No H1B
Key skills
DevOpsPlatform engineeringInfrastructure engineeringCloud engineeringATO or cATO processesDoD cloud environmentsArmy ECMAContainer orchestrationAmazon EKSAmazon ECSKubernetesInfrastructure as codeTerraformCloudFormationHelmCI/CD pipelinesAutomated testingContainer scanningDependency scanningSASTDASTSecurity hardeningSTIGVulnerability remediationSBOM generationAWS EC2AWS S3AWS IAMAWS KMSAWS Secrets ManagerAWS SSMAWS CloudWatchAWS VPCRedisElastiCacheDocumentDBIdentity and access managementSSOSAMLOIDCRBACCACRMFeMASSSecurity+CISSPPythonFastAPIReactMongoDBAnalyticsAWSDockerGitHub ActionsGitLab CIECSEKSEC2S3IAMCloudWatchPrismaGitHubGitLabCachingCI/CDCommunication
About this role
IntelliTech is a dynamic and forward-thinking small business specializing in Full Stack Engineering, Data Analytics, Cloud Solutions, and DevSecOps services. They are seeking a Senior DevSecOps Engineer to lead the infrastructure modernization and security hardening of a Government-owned digital twin application deployed in an Army cloud environment. This hands-on role involves architecting deployment infrastructure, building CI/CD pipelines, and ensuring the application is secure and ready for operational use.
Responsibilities:
- Transition the application from a single-host Docker deployment to a split-service containerized architecture using Amazon EKS, ECS, or another approved orchestration model
- Design and implement multi-tier environment separation across development, test/staging, and production
- Package frontend, backend API, and simulation worker services as independently deployable container artifacts
- Implement infrastructure-as-code using Terraform, CloudFormation, or approved equivalents for repeatable provisioning and configuration management
- Design the distributed execution model allowing simulation workers to scale independently from the API tier with bounded concurrency and isolation controls
- Configure managed platform services for persistence, caching, object storage, secrets management, and observability
- Build and maintain CI/CD pipelines using approved toolchains such as GitLab CI, GitHub Actions, or government-provided platform tooling
- Integrate automated build, test, container scanning, dependency scanning, SAST, and DAST into the delivery pipeline
- Implement promotion workflows with quality and security gates for development-to-staging and staging-to-production transitions
- Generate and maintain software bill of materials (SBOM) and dependency inventories as part of the build process
- Design rollback and recovery procedures for failed deployments, including restoration of prior known-good versions
- Harden container images and dependency baselines in alignment with STIG requirements and approved security standards
- Implement managed secrets storage, encryption in transit and at rest, least-privilege IAM policies, and appropriate network segmentation
- Integrate vulnerability scanning into release workflows and support remediation tracking
- Support closure of security findings through remediation, compensating controls, and evidence updates
- Ensure artifact retention and traceability sufficient to support promotion approval and auditability
- Integrate the application with CAC-enabled SSO and the identity provider required by the target environment using SAML, OIDC, or platform-specific approaches
- Replace local account models with externalized authentication through approved identity services
- Implement role-based access controls for analyst, administrator, and system functions
- Ensure user actions are traceable to authenticated identities
- Support the application-specific authorization effort from evidence planning through submission and remediation
- Produce and maintain authorization artifacts such as architecture diagrams, data flows, SBOMs, scan evidence, logging and monitoring descriptions, and operational runbooks
- Align evidence to the platform’s inheritance model where applicable rather than building a fully standalone compliance package
- Coordinate with government security stakeholders on evidence expectations, findings, and remediation
- Lead technical execution for promotion from development into production through approved DevSecOps pipelines and release gates
- Implement centralized logging, metrics, alarms, and service health monitoring across all application components
- Develop operational runbooks for deployment, monitoring, incident response, scaling, and maintenance
- Produce administrator and operator documentation, troubleshooting guides, and sustainment handoff materials
- Support training and transition activities at the conclusion of the implementation period
Requirements:
- Bachelor's degree in Computer Science, Information Systems, Engineering, Cybersecurity, or a related technical discipline and 8+ years of relevant experience; or Master's degree in a related field and 6+ years of relevant experience
- Active DoD Secret clearance
- 8+ years of professional experience in DevOps, platform engineering, infrastructure engineering, or cloud engineering roles
- Hands-on experience supporting ATO or cATO-related processes, including authorization evidence development, security findings remediation, and working with assessors or platform security stakeholders
- Experience deploying and operating applications in DoD or other accredited government cloud environments such as Army ECMA
- Strong experience with container orchestration using Amazon EKS, ECS, Kubernetes, or similar platforms
- Strong experience with infrastructure as code, including Terraform, CloudFormation, Helm, or similar tooling
- Experience designing and maintaining CI/CD pipelines with integrated automated testing, scanning, and promotion controls
- Experience with security hardening, including STIG-aligned practices, vulnerability remediation, SBOM generation, and secure container/image management
- Experience with AWS services such as EC2, EKS/ECS, S3, IAM, KMS, Secrets Manager, SSM, CloudWatch, VPC/networking, Redis/ElastiCache, and document or relational persistence services
- Experience integrating identity and access management solutions such as SSO, SAML, OIDC, RBAC, or CAC-enabled access patterns
- Strong communication skills and the ability to work directly with technical, operational, and security stakeholders
- Direct experience supporting Army cloud environments or similar government-managed enterprise cloud platforms
- Experience with RMF, eMASS, and inherited authorization models
- Experience operating in IL4 / IL5 or similarly regulated environments
- Experience with container security and vulnerability scanning tools such as Prisma Cloud, Anchore, Twistlock, or similar platforms
- Familiarity with Docker Compose to Kubernetes migration patterns
- Experience with MongoDB to DocumentDB migration or similar managed database transition efforts
- Experience supporting Python / FastAPI application deployment and performance tuning
- Prior experience supporting Army, logistics, manufacturing, industrial base, or enterprise platform modernization programs
- Certifications such as Security+, CISSP, or relevant cloud / Kubernetes certifications