ForgeApply
Try it free

ForgeApply · Job listing

Senior DevSecOps Engineer

Trexsolutions

Remote · Arlington, VA / Remote, US$100k

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

T-Rex Solutions is seeking a Senior DevSecOps Engineer to support our FDIC customer. This role is primarily remote with potential for occasional meetings at FDIC HQ in Arlington, VA as needed.

Responsibilities:

• DevSecOps Engineering and Automation

• Design, develop, implement, and maintain enterprise DevSecOps solutions that integrate development, security, testing, and operations capabilities.

• Build and optimize CI/CD pipelines that support automated software builds, testing, security scanning, deployment, and release management.

• Support software development teams by integrating security, compliance, and quality controls throughout the SDLC.

• Develop and maintain Infrastructure as Code (IaC) solutions to automate provisioning, configuration, and management of cloud and on-premises infrastructure.

• Implement automated deployment and configuration management processes to improve consistency, reliability, and scalability.

• Participate in the design, configuration, testing, administration, and monitoring of enterprise DevSecOps toolchains.

• Research, evaluate, and recommend emerging DevSecOps technologies, tools, frameworks, and best practices.

• Security Integration

• Embed security controls and compliance requirements into all phases of the SDLC.

• Integrate and maintain application security tools and processes, including: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container and image scanning, Secret detection and credential management, Infrastructure security scanning, and Fuzz testing

• Support implementation of Zero Trust security principles across development and operational environments.

• Ensure compliance with federal cybersecurity requirements and security engineering best practices.

• Assist with vulnerability identification, remediation planning, risk mitigation, and security reporting.

• Support audit readiness activities and compliance documentation requirements.

• Automated Testing and Quality Engineering

• Develop and lead enterprise testing automation strategies integrated within DevSecOps pipelines.

• Implement automated functional, integration, regression, performance, load, and security testing capabilities.

• Enable self-service testing capabilities for product teams and development organizations.

• Establish and maintain testing frameworks, automation standards, and quality assurance processes.

• Define and implement test coverage metrics, quality gates, pass/fail criteria, and release readiness requirements.

• Champion shift-left testing practices by integrating validation and testing activities early in the SDLC.

• Promote continuous improvement of test plans, test data management processes, and automated testing frameworks.

• Ensure traceability between requirements, work items, source code, test cases, vulnerabilities, risk mitigation activities, and releases.

• Analyze and report testing outcomes, quality trends, vulnerabilities, and performance metrics to stakeholders and leadership.

• Technical Leadership

• Provide technical leadership and mentorship to software engineers, DevSecOps practitioners, testers, and operations personnel.

• Serve as a subject matter expert for DevSecOps methodologies, toolchains, automation frameworks, and software engineering best practices.

• Support architecture reviews, design discussions, technical evaluations, and modernization initiatives.

• Collaborate with Solution Architects, Security Architects, Product Owners, and technical teams to ensure alignment with organizational goals.

Requirements :

• Bachelor's degree in Computer Science, Software Engineering, Computer Engineering, Information Systems, Cybersecurity, or a related technical field.

• Minimum of 8 years of experience in software engineering, DevOps, DevSecOps, cloud engineering, cybersecurity engineering, or related disciplines.

• Demonstrated experience implementing DevSecOps practices within enterprise environments, supporting complex application development and modernization initiatives.

• Experience developing and maintaining CI/CD pipelines and deployment automation frameworks.

• Experience integrating automated testing and security controls into software delivery processes.

• Experience supporting hybrid cloud and on-premises environments.

• Strong understanding of Agile software development methodologies.

• Extensive experience with DevSecOps tools, automation frameworks, and software delivery platforms.

• Strong knowledge of Microsoft Azure

• Experience with the following toolset: GitHub Enterprise Server/Cloud, JFrog Artifactory, JFrog Xray, SonarQube, GitHub Advanced Security, GitHub Copilot, and Subject7

• Knowledge of containerization and infrastructure technologies including Azure Kubernetes Services (AKS), Virtual Machines, Application Gate Way, App Services, Key Vaults, ServiceNow, CyberArk, and Terraform

• Proficiency in one or more modern programming and scripting languages such as Java, C#, Python

• Experience with source code repositories, version control systems, and artifact management platforms.

• Strong understanding of:

• Zero Trust Architecture

• Application Security (AppSec)

• NIST 800-53 security controls

• Continuous Monitoring

• Logging and Audit Requirements (M-21-31)

• Knowledge of enterprise testing frameworks and automated quality assurance practices.

• Strong written and verbal communication skills with demonstrated experience briefing senior-level personnel.

• Experience supporting Continuous Authority to Operate (ATO) initiatives.

• Ability to obtain and maintain a Public Trust, suitability determination, or other clearance level required.

Desired Skills:

• One or more of the following certifications are preferred:

• Certified Kubernetes Administrator (CKA)

• Certified Kubernetes Security Specialist (CKS)

• Microsoft Azure DevOps Engineer Expert

• Microsoft Azure Solutions Archite

Ready to apply to Trexsolutions?

Apply in about a minute

Similar jobs