Application DevSecOps Engineer
Insight Global - Radford, VA
Job Description
Position Overview: This position is for a DevSecOps Engineer supporting a DoD project for a federal customer. The project solution is a hyperconverged, multitenant hosting environment for hosting Army enterprise and tactical applications. The project is transitioning to a Kubernetes-based container orchestration platform, which may include Red Hat OpenShift or other Kubernetes distributions, to implement a modernized Software Defined Data Center (SDDC). The DevSecOps Engineer will play a critical role in modernizing applications into a DevSecOps framework, leveraging tools such as GitLab, Terraform, Ansible, and other automation and security tools to streamline development, deployment, and security processes. The customer provides value-added common and managed services built on top of the Kubernetes foundation, which hosted Army applications will require. The customer is a managed service provider (MSP) and hosting services provider for Army applications.

Position Duties: The DevSecOps Engineer will be responsible for the following tasks:
• Design, implement, and maintain a DevSecOps framework for modernizing applications hosted in the AECC environment.
• Integrate tools such as GitLab Ultimate, Terraform, and Ansible into CI/CD pipelines to automate application development, deployment, and security processes.
• Develop and enforce security gates within CI/CD pipelines to ensure secure code, container images, and configurations are deployed.
• Collaborate with developers to containerize legacy applications and migrate them into Kubernetes-based environments.
• Integrate static application security testing (SAST), dynamic application security testing (DAST), and container image scanning tools into CI/CD pipelines.
• Use tools such as Trivy, Clair, or Anchore to scan container images for vulnerabilities.
• Implement secrets management solutions (e.g., HashiCorp Vault, Sealed Secrets) to securely manage sensitive data in pipelines and applications.
• Monitor CI/CD pipelines and Kubernetes workloads for performance, security, and compliance using the GitLab CI/CD dashboards.
• Optimize pipeline performance and resource utilization to reduce deployment times and improve scalability.
• Work closely with developers, Kubernetes administrators, and cybersecurity teams to ensure applications meet security and operational requirements.
• Provide training and guidance to development teams on DevSecOps best practices, tools, and workflows.
• Collaborate with internal and external stakeholders to transform high-level technical objectives into comprehensive technical requirements.
• Ensure applications and pipelines comply with frameworks such as DoD RMF, CIS Benchmarks, and NIST 800-53.
• Generate reports on pipeline security, application compliance, and deployment metrics for leadership and stakeholders.

The target pay rate for this position is between $50-70/hr and is based on years of experience and qualifications.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances.

If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

Skills and Requirements

Required Skills:
• Strong expertise in implementing and managing DevSecOps frameworks using tools such as GitLab, Azure DevOps, or Atlassian.
• Proficiency in Infrastructure as Code (IaC) tools, including Terraform and Ansible.
• Experience with containerization and orchestration tools, such as Docker, Kubernetes, and Red Hat OpenShift.

Desired Skills:
• Knowledge of static application security testing (SAST) and dynamic application security testing (DAST) tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
• Familiarity with container image scanning tools (e.g., Trivy, Clair, Anchore).
• Experience with secrets management tools (e.g., HashiCorp Vault, Sealed Secrets).
• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating tasks and workflows.
• Experience with CI/CD pipeline automation and optimization.
• Working knowledge of DoD STIGs, IA Vulnerability Management (IAVM), and Risk Management Framework (RMF) and/or industry hardening best practices and processes.
• Experience with monitoring tools such as Prometheus, Grafana, and GitLab CI/CD dashboards.
• Strong troubleshooting skills for diagnosing issues in CI/CD pipelines and Kubernetes workloads.

Required Certifications:
• DoD 8570.01-M IAT Level II certification (e.g., Security+ CE).
• Must obtain computing environment certifications (e.g., any GitLab certification, Azure DevOps, Jira, etc.) within 6 months of hire.

Clearance Required:
• DoD Secret Clearance (must be active or obtainable).
Created: 2026-03-16