Pyramid Technology Solutions, Inc
Senior DevSecOps Engineer
Pyramid Technology Solutions, Inc, Colorado Springs, Colorado, 80509
Client: Rapid Strategy Job Title: Senior DevSecOps Engineer Location: National Capital Region (NRC) or Colorado Springs, CO (Onsite 100%) Clearance Level: Active TS/SCI with CI Polygraph Citizenship: U.S. Citizen About Us: Rapid Strategy is a premier cybersecurity consulting firm specializing in advanced, comprehensive cybersecurity solutions for federal government agencies. As a minority-owned business, we are committed to protecting national security by providing our clients with cutting-edge security strategies and implementations. Position Overview: We are seeking a highly experienced Senior DevSecOps Engineer to work onsite in Washington, DC or Colorado Springs, CO. The ideal candidate will have a minimum of 6 years of experience in DevSecOps, with extensive knowledge of integrating security into CI/CD pipelines, cloud environments, and containerized applications. The candidate must possess an active TS//SCI clearance with CI polygraph and meet or exceed DoD 8140 IAM Level II or III requirements. Key Responsibilities: DevSecOps Pipeline Integration: Design, implement, and manage secure CI/CD pipelines for federal government systems, embedding automated security checks and controls into the software development lifecycle. Infrastructure as Code (IaC): Develop and manage infrastructure using IaC tools (e.g., Terraform, Ansible) to ensure secure and compliant deployment of systems and services across on-premise and cloud environments. Security Controls & Compliance: Implement security controls and ensure continuous compliance with federal frameworks, including NIST SP 800-53, RMF, ICD 503, and FedRAMP, in both cloud and containerized environments (IL5-IL6). Log Management & Monitoring: Specify and implement log collection processes using tools like Splunk, and perform querying and analysis of aggregated logs to identify security-relevant anomalies and risks. Cloud Security: Implement and manage security within cloud environments such as AWS GovCloud, Azure Government, and containerized systems using Kubernetes, ensuring all security controls are met and maintained. Automation & Orchestration: Develop automation scripts and tools to integrate security into all aspects of development, testing, and deployment processes. Ensure security best practices are followed within the DevSecOps lifecycle. Incident Response: Lead efforts in securing systems during incidents, including conducting forensic analysis, coordinating responses, and ensuring systems are returned to operational status with appropriate remediations. Collaboration: Work closely with federal development, operations, and security teams to foster a security-first culture and ensure security is embedded in every aspect of system development and deployment. Documentation and Reporting: Prepare detailed technical documentation for systems, processes, and configurations. Provide clear and concise reports to federal stakeholders on security posture, incidents, and compliance with federal standards. Qualifications: Experience: At least 6 years of experience in DevSecOps, including designing, implementing, and managing CI/CD pipelines, cloud environments, and containerized applications. Extensive experience with federal government regulatory frameworks (e.g., NIST SP 800-53, RMF, ICD 503, FISMA, FedRAMP). Strong background in log collection and analysis using tools like Splunk, identifying security anomalies and responding appropriately. Experience in cloud platforms (AWS GovCloud, Azure Government) and containerized environments (Kubernetes, Docker). Knowledge of IaC tools such as Terraform, Ansible, and security automation tools. Clearance: Active TS/SCI clearance with CI polygraph is required. U.S. citizenship is mandatory. Education & Certifications: Bachelor's degree in Computer Science, Information Security, or a related field. CISSP or equivalent certification to support DoD 8140 requirements (IAM Level II or III preferred). Technical Expertise: Proficiency with CI/CD tools (e.g., Jenkins, GitLab, Azure DevOps), IaC tools (e.g., Terraform, Ansible), and security tools (e.g., Fortify, Acunetix, Prisma Cloud). Experience with cloud security, container security, and DevSecOps practices within highly classified environments (IL5 to IL6). Strong understanding of network protocols, operating systems, and infrastructure components, particularly as they relate to secure DevSecOps implementations. Incident Response: Proficient in incident response and forensic analysis techniques, ensuring rapid recovery from security incidents while maintaining system integrity. Communication Skills: Excellent communication skills, capable of conveying complex security concepts to both technical and non-technical stakeholders. Work Environment: Location: Onsite, 100% at the National Capital Region (NRC),Colorado Springs, CO. No remote work is permitted. Clearance Requirement: Active TS//SCI with CI Polygraph is mandatory.