DevSecOps Engineer
Company: IMAGINEEER LLC
Location: Washington
Posted on: February 21, 2026
Job Description:

Benefits:
- 401(k) matching
- Competitive salary
- Health insurance
- Paid time off

About this Role:
We are seeking a DevSecOps Engineer with strong federal experience to lead secure CI/CD pipeline design, implementation, and operations centered on GitLab and modern cloud-native practices. This role will drive security-by-design across the software delivery lifecycle, working closely with development, security, and infrastructure teams to ensure compliant, automated, and repeatable deployments for federal customers.

Key Responsibilities:

CI/CD Pipeline Engineering (GitLab-focused)
- Design, build, and maintain GitLab CI/CD pipelines for multiple applications and services (microservices, APIs, infrastructure-as-code).
- Implement standardized pipeline templates and reusable jobs to support consistent delivery across programs.
- Integrate automated build, test, security scanning, and deployment steps into GitLab pipelines.
- Optimize pipeline performance (caching, parallelization, artifact management) to reduce build and deploy times.

DevSecOps & Automation
- Embed security controls early and continuously in the pipeline (SAST, DAST, SCA, container scanning, IaC scanning).
- Automate compliance checks, policy-as-code, and configuration drift detection.
- Implement and support infrastructure-as-code (IaC) solutions (Terraform, Ansible, CloudFormation, etc.) to provision and manage cloud and on-prem environments.
- Integrate CI/CD with monitoring, logging, and alerting tools to provide full visibility across the delivery pipeline.

Federal Environment & Compliance
- Design and operate pipelines aligned with federal security and compliance requirements (e.g., FISMA, NIST 800-53, FedRAMP, Zero Trust principles).
- Work with ISSOs, AO teams, and security/compliance stakeholders to provide pipeline and environment documentation supporting ATO packages.
- Ensure secure configuration of build agents, runners, secrets management, and artifact repositories in compliance with agency policies.

Collaboration & Technical Leadership
- Partner with development teams to define branching strategies, code review workflows, and release management practices in GitLab.
- Collaborate with cybersecurity teams to respond to vulnerabilities, findings, and audits, and to implement remediations in code and pipelines.
- Provide guidance, documentation, and training to engineers and stakeholders on DevSecOps best practices and GitLab usage.
- Contribute to and enforce standards for coding, configuration management, and deployment processes.

Qualifications and Skills:
- 5 years of hands-on experience in DevOps/DevSecOps roles.
- 3 years of experience designing and managing GitLab CI/CD pipelines at scale (GitLab SaaS or self-managed).
- Demonstrated experience supporting federal or public sector programs (civilian, DoD, or health agencies) with understanding of federal security expectations.
- Strong experience with:
  - CI/CD tools: GitLab CI, runners, GitLab registry.
  - Languages / frameworks: at least one of Python, Java, JavaScript/TypeScript, .NET, Go.
  - Containers & orchestration: Docker, Kubernetes (EKS/AKS/GKE or on-prem equivalents).
  - Infrastructure-as-Code: Terraform and/or Ansible (or equivalent).
  - Security tooling: SAST, DAST, SCA, container image scanning, secrets scanning.
- Hands-on experience deploying to cloud environments (AWS, Azure, GCP) and/or federal on-prem/private cloud environments.
- Familiarity with NIST, FedRAMP, Zero Trust, and common federal security control families (access control, configuration management, incident response, audit & accountability).
- Strong scripting and automation skills (Bash, Python, or similar).
- Excellent communication skills with the ability to explain complex technical concepts to non-technical stakeholders.
- Must be a U.S. Citizen and able to obtain a public trust clearance.

Desired Skills and Competencies:
- Prior experience working directly with HHS, NIH, CMS, ACF, DoD, or similar federal agencies.
- Experience supporting ATO processes, security assessments, and remediation of audit findings.
- Hands-on experience integrating GitLab with:
  - Issue tracking (Jira, GitLab issues)
  - Artifact repositories (GitLab registry, Nexus, Artifactory)
  - SIEM / logging platforms (e.g., Splunk, ELK/Opensearch, CloudWatch, Sentinel).
- Experience implementing Zero Trust aligned architectures for CI/CD and runtime environments.

Certifications (nice to have, not required):
- DevOps / Cloud: AWS/Azure/GCP Associate or Professional-level, Kubernetes (CKA/CKAD).
- Security: Security, CISSP, CSSLP, or equivalent.
- GitLab: GitLab Certified Associate / Professional (if applicable).

Additional Information:

What You'll Do in the First 90 Days
- Assess existing CI/CD pipelines, GitLab projects, and environments for strengths, gaps, and quick wins.
- Establish baseline DevSecOps standards (branching, approvals, scanning, artifact handling, promotions).
- Implement or enhance at least one end-to-end secure CI/CD pipeline for a priority application, including automated security scans and environment provisioning.
- Partner with security and compliance teams to map pipeline controls to NIST/FedRAMP requirements and support ongoing ATO work.

Flexible work from home options available.
Keywords: IMAGINEEER LLC, Dale City, DevSecOps Engineer, IT / Software / Systems, Washington, Virginia