DevSecOps Engineer - Summit TRC
Alabama, AL
About the Job
Summit TRC is a self-represented small, disadvantaged business focused on solving complex problems in defense and space domains. We believe quality services are effectuated by integrity, strong work ethic, and relationships. We are powered by people, motivated by the warfighter, and focused on the mission.
Job Title: DevSecOps Engineer
Location: This role is Hybrid with onsite requirements in Huntsville, AL.
Must be a US citizen capable of passing a stringent background check, consistent with government contractual obligations.
Job Description:
We are looking for a skilled DevSecOps-focused Software Engineer to help build and manage a modern digital infrastructure supporting a Department of Defense (DoD) software factory. In this role, you will work on a highly collaborative team, enabling secure and scalable cloud-based environments. You will be responsible for implementing cutting-edge DevSecOps practices and working with cloud infrastructure (AWS, Azure), Continuous Integration/Continuous Deployment (CI/CD) pipelines, Infrastructure as Code (IaC) frameworks, and automation tools.
This is a key role in ensuring the DoD software development environment is secure, reliable, and continuously optimized to meet the demanding requirements of defense applications.
Key Responsibilities:
- Cloud Infrastructure Management: Design, implement, and manage cloud environments (AWS, Azure) to support a secure and scalable DoD software factory. Automate provisioning, configuration, and monitoring of infrastructure using Infrastructure as Code (IaC) tools like Terraform.
- CI/CD Pipeline Development: Build, maintain, and optimize CI/CD pipelines using GitLab, ensuring seamless integration of security controls and best practices into the software delivery process.
- DevSecOps Implementation: Integrate security practices (such as vulnerability scanning, static/dynamic code analysis, and compliance checks) into the development lifecycle, ensuring security is embedded at every stage.
- Automation & Scripting: Develop and maintain automation scripts for provisioning infrastructure, deploying applications, and performing security checks. Use tools such as Ansible, Jenkins, and scripting languages like Python or Bash.
- Collaboration & Support: Work closely with software developers, security engineers, and operations teams to troubleshoot issues, streamline workflows, and ensure that the software factory remains highly available and efficient.
- Monitoring & Optimization: Implement monitoring solutions to track system performance, security, and availability, optimizing infrastructure and DevSecOps workflows to ensure the highest level of reliability and performance.
- Compliance & Security: Ensure cloud environments and workflows are compliant with DoD security standards and frameworks (e.g., NIST, RMF), providing technical expertise to maintain a secure, compliant development infrastructure.
- Documentation & Training: Maintain detailed documentation of processes, configurations, and best practices. Provide training and support to team members on DevSecOps tools and methodologies.
Qualifications:
Education & Experience:
- Bachelor's degree in Computer Science, Engineering, or a related field.
- 7+ years of experience in DevSecOps, software engineering, cloud infrastructure management, or in other relevant areas.
Technical Skills:
- Cloud Platforms: Extensive experience with AWS or Azure cloud environments, including services such as EC2, S3, Lambda, AKS/EKS, VPCs, etc.
- Agile: Extensive experience operating in an Agile environment.
- Infrastructure as Code: Strong proficiency with Terraform or other IaC tools for managing cloud infrastructure.
- CI/CD Pipelines: Experience building and maintaining CI/CD pipelines using GitLab or similar tools, with a focus on automating software builds, tests, and deployments.
- Automation: Proficiency in scripting languages (e.g., Python, Bash) and automation tools (e.g., Ansible, Jenkins).
- Security: Strong understanding of DevSecOps principles, including integrating security into CI/CD pipelines and cloud infrastructure. Familiarity with security tools such as SAST, DAST, and vulnerability management platforms.
- Monitoring: Experience with cloud monitoring tools and platforms to ensure infrastructure reliability (e.g., Prometheus, Grafana, CloudWatch, Azure Monitor).
Clean Record:
- Ability to pass a stringent set of background checks to ensure contract compliance (U.S. citizenship required).
Preferred Qualifications:
- Experience with DoD security standards and compliance frameworks, including RMF, NIST, and DISA STIGs.
- Familiarity with Kubernetes and container orchestration in cloud environments.
- Knowledge of Agile and DevSecOps methodologies, with the ability to adapt to fast-paced, collaborative development processes.
Additional Information:
- Occasional travel may be required to support project initiatives and team collaboration.