Knowledge Management, Inc.
Mid & Sr. DevSecOps Engineer
Knowledge Management, Inc., College Park, Maryland, us, 20741
Knowledge Management, Inc. (KMI)
has the leadership and experience to deliver innovative technology, logistics and management solutions to meet real mission requirements. KMI is a Minority Business Enterprise (MBE) and Small Disadvantaged Business (SDB) that specializes in Logistics, Warehouse Services, Distance Learning/Training, Enterprise Solutions, Financial Management Support, Program Management, Intelligence Analysis & Threat Assessment, and Data Analytics/Operations Research. Since 1998, our solutions and services have helped our clients improve performance, drive cost and operational effectiveness, and map technology needs for tomorrow's requirements. Title:
Mid & Sr. DevSecOps Engineer Onsite Locations:
Washington, DC - Reston, VA - College Park, MD Duration:
Multi-year contract Start date:
January/February Clearance:
TS/SCI with CI Poly Salary:
Please provide your salary requirement Multiple openings:
Mid-level 6+ years of experience, Sr. level 10+ years of experience. As a Mid & Sr. DevSecOps Engineer, you'll play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines. You will collaborate with cross-functional teams to integrate security practices seamlessly into the development and operations lifecycle, ensuring the delivery of high-quality, secure, and reliable software solutions. What you'll do: Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle. Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks. Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components. Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure. Monitor and analyze system and application logs to detect and respond to security incidents. Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place. Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings. Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner. Contribute to the development and maintenance of security policies, procedures, and documentation. What you'll need to succeed: Active TS/SCI Clearance with CI poly. At least 6 -10+ years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle. Technical Competencies for Mid to Senior DevSecOps Engineers - The ideal candidate will have at least 1- 2 in each area: Gitlab
Proficient in using Git for daily operations - cloning, branching, merging, rebasing, tagging. Familiarity with branching strategies, e.g., GitFlow, GitHub Flow, etc. Managing Groups, Projects, and Users in self-hosted. Administering and troubleshooting Gitlab. Creating and maintaining Gitlab CI/CD YAML. Integrating security scanning tools into Gitlab pipelines - SAST, DAST. Jenkins
Configuring Jenkins agents. Writing Jenkinsfiles and utilizing shared (Groovy language experience). Strong experience in troubleshooting build failures or agent connection. Experience migrating pipelines from Jenkins to Gitlab or vice versa. Artifactory
Managing different repositories - Docker registries, Linux repos, NPM. Experience using Artifactory API (from CLI or with CI/CD integrations). Infrastructure as Code (IaC)
Writing modular Terraform configs to provision infrastructure (primarily on AWS). Understanding Terraform lifecycle, state management, and drift. Writing Ansible playbooks and roles to configure Linux servers and/or cloud. Using Ansible vault for secrets. Familiarity with cloud platforms (particularly AWS, but Azure and GCP helpful for multicloud). Containers & Orchestration
Building, managing, and securing container images (size reduction, multi-stage builds). Porting traditional apps to container. Troubleshooting Openshift application deployments, scaling. Familiarity with Openshift CLI (oc) commands for troubleshooting and routine cluster management. Security
Applying, verifying, and automating STIG compliance on Linux systems, containers. Understanding OWASP Top 10 and general familiarity with NIST SP 800 (series). Experience with managing secrets, SSL/TLS configurations, and code security. Technical Problem Solving
Advanced Linux command-line and system troubleshooting. Diagnosing and fixing issues related to performance, permissions, networking. Strong familiarity with logs and tools for finding and extracting information. Communicating technical solutions in clear, non-technical terms when necessary.
#J-18808-Ljbffr
has the leadership and experience to deliver innovative technology, logistics and management solutions to meet real mission requirements. KMI is a Minority Business Enterprise (MBE) and Small Disadvantaged Business (SDB) that specializes in Logistics, Warehouse Services, Distance Learning/Training, Enterprise Solutions, Financial Management Support, Program Management, Intelligence Analysis & Threat Assessment, and Data Analytics/Operations Research. Since 1998, our solutions and services have helped our clients improve performance, drive cost and operational effectiveness, and map technology needs for tomorrow's requirements. Title:
Mid & Sr. DevSecOps Engineer Onsite Locations:
Washington, DC - Reston, VA - College Park, MD Duration:
Multi-year contract Start date:
January/February Clearance:
TS/SCI with CI Poly Salary:
Please provide your salary requirement Multiple openings:
Mid-level 6+ years of experience, Sr. level 10+ years of experience. As a Mid & Sr. DevSecOps Engineer, you'll play a critical role in designing, implementing, and maintaining secure and efficient software development and deployment pipelines. You will collaborate with cross-functional teams to integrate security practices seamlessly into the development and operations lifecycle, ensuring the delivery of high-quality, secure, and reliable software solutions. What you'll do: Collaborate with development, operations, and security teams to integrate security practices into the software development lifecycle. Design, implement, and maintain CI/CD pipelines that incorporate automated security testing, vulnerability scanning, and compliance checks. Develop and maintain infrastructure as code (IaC) templates and configurations, ensuring security best practices are applied to cloud resources and infrastructure components. Perform regular security assessments, code reviews, and penetration testing to identify and address vulnerabilities and weaknesses in applications, code, and infrastructure. Monitor and analyze system and application logs to detect and respond to security incidents. Implement and manage identity and access management (IAM) solutions, ensuring appropriate authentication and authorization mechanisms are in place. Collaborate with software engineers to provide guidance on secure coding practices and assist in remediation of security findings. Participate in incident response activities, helping to investigate and mitigate security incidents in a timely manner. Contribute to the development and maintenance of security policies, procedures, and documentation. What you'll need to succeed: Active TS/SCI Clearance with CI poly. At least 6 -10+ years of experience as a DevSecOps Engineer or similar role, with a focus on integrating security into the software development lifecycle. Technical Competencies for Mid to Senior DevSecOps Engineers - The ideal candidate will have at least 1- 2 in each area: Gitlab
Proficient in using Git for daily operations - cloning, branching, merging, rebasing, tagging. Familiarity with branching strategies, e.g., GitFlow, GitHub Flow, etc. Managing Groups, Projects, and Users in self-hosted. Administering and troubleshooting Gitlab. Creating and maintaining Gitlab CI/CD YAML. Integrating security scanning tools into Gitlab pipelines - SAST, DAST. Jenkins
Configuring Jenkins agents. Writing Jenkinsfiles and utilizing shared (Groovy language experience). Strong experience in troubleshooting build failures or agent connection. Experience migrating pipelines from Jenkins to Gitlab or vice versa. Artifactory
Managing different repositories - Docker registries, Linux repos, NPM. Experience using Artifactory API (from CLI or with CI/CD integrations). Infrastructure as Code (IaC)
Writing modular Terraform configs to provision infrastructure (primarily on AWS). Understanding Terraform lifecycle, state management, and drift. Writing Ansible playbooks and roles to configure Linux servers and/or cloud. Using Ansible vault for secrets. Familiarity with cloud platforms (particularly AWS, but Azure and GCP helpful for multicloud). Containers & Orchestration
Building, managing, and securing container images (size reduction, multi-stage builds). Porting traditional apps to container. Troubleshooting Openshift application deployments, scaling. Familiarity with Openshift CLI (oc) commands for troubleshooting and routine cluster management. Security
Applying, verifying, and automating STIG compliance on Linux systems, containers. Understanding OWASP Top 10 and general familiarity with NIST SP 800 (series). Experience with managing secrets, SSL/TLS configurations, and code security. Technical Problem Solving
Advanced Linux command-line and system troubleshooting. Diagnosing and fixing issues related to performance, permissions, networking. Strong familiarity with logs and tools for finding and extracting information. Communicating technical solutions in clear, non-technical terms when necessary.
#J-18808-Ljbffr