DevSecOps Engineer (Secret Clearance)
Deloitte · Baltimore, MD · 2 days ago
HybridEngineering$108k–$188k/yrFull-time
Work You'll Do
As a Senior Consultant, Enterprise Security on the GPS Cyber team, you will be responsible for...
- Designing and implementing DevSecOps processes that integrate security controls into software development, build, release, and deployment workflows
- Building and maintaining continuous integration and continuous delivery pipelines with automated security testing, code scanning, dependency scanning, and secrets detection
- Supporting cloud and platform engineering teams with secure configuration, infrastructure as code, container security, and identity and access management practices
- Collaborating with application developers, architects, and cyber teams to remediate vulnerabilities, improve secure coding practices, and strengthen release governance
- Producing technical documentation, implementation artifacts, and status reporting to support delivery, audit readiness, and client stakeholder decision-making
Qualifications
- Bachelor's degree in computer science, cybersecurity, information technology, engineering, or mathematics
- Local to the DMV area and able to work onsite up to 5 days a week
- 4+ years of experience implementing DevSecOps practices across cloud or hybrid environments
- 4+ years of experience building or administering continuous integration and continuous delivery (CI/CD) pipelines using Jenkins, GitLab CI, GitHub Actions, or Azure DevOps
- 2+ years of experience integrating application security testing, dependency scanning, secrets scanning, or container security controls into CI/CD pipelines
- 3+ years of experience with Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP), and infrastructure as code using Terraform, AWS CloudFormation, or Ansible
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future
Preferred
- Experience supporting federal, state, local, or higher education environments
- Experience with National Institute of Standards and Technology (NIST) 800-53, NIST Secure Software Development Framework, FedRAMP, or Zero Trust security requirements
- Experience with Docker, Kubernetes, OpenShift, or container orchestration security practices
- Experience using SonarQube, Snyk, Prisma Cloud, Aqua, or comparable security tooling
- Experience developing automation using Python, PowerShell, Bash, or Go
- One or more certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Security - Specialty, Microsoft Azure Security Engineer Associate, or Certified Kubernetes Security Specialist (CKS)