DevSec Ops Engineer, Sr. (Job 1142)

DLH delivers improved health and national security readiness solutions for federal programs through science research and development, systems engineering and integration, and digital transformation. Our experts in public health, performance evaluation, and health operations solve the complex problems faced by civilian and military customers alike by leveraging advanced tools – including digital transformation, artificial intelligence, data analytics, cloud enablement, modeling, and simulation, and more. With over 2,400 employees dedicated to the idea that “Your Mission is Our Passion,” DLH brings a unique combination of government sector experience, proven methodology, and unwavering commitment to innovation to improve the lives of millions.

Overview 

We’re seeking a highly experienced and strategic Senior DevSecOps Engineer to lead and mentor our team supporting the Centers for Disease Control and Prevention’s (CDC) Cloud Architecture & Optimization Services (CAOS) contract. In this critical leadership role, you’ll be instrumental in defining and driving the transformation of CDC’s cloud landscape by embedding advanced security and automation throughout the entire software development lifecycle. You’ll architect solutions, lead diverse teams, streamline enterprise-level processes, significantly enhance the security posture, and accelerate the delivery of secure, cloud-native solutions across multi-cloud environments (Azure, AWS, GCP). 

Responsibilities 

The Senior DevSecOps Engineer will provide expert-level continuous integration, continuous delivery, and continuous security support within a highly secure, compliant, and agile environment. Specific duties will include, but not be limited to: 

• Strategic CI/CD Pipeline Architecture & Leadership: Architect, lead, and optimize robust CI/CD pipelines for complex, enterprise-level cloud-native applications, leveraging advanced features of Jenkins, GitLab CI/CD, or GitHub Actions across Azure, AWS, and GCP. 
• Advanced Infrastructure as Code (IaC) & Automation: Drive the adoption and implementation of IaC principles and tools (e.g., Terraform, Ansible, CloudFormation, Azure Resource Manager), developing complex automation scripts and frameworks for consistent, repeatable, and highly secure cloud environments. 
• Containerization & Orchestration Expertise: Design, implement, and manage advanced containerized workloads using Docker and Kubernetes (including managed services like Azure Red Hat OpenShift (ARO) or EKS/GKE), optimizing for high availability, disaster recovery, performance, and security at scale. 
• Security Automation & Compliance Leadership: Lead the integration of automated security testing tools (SAST, DAST, SCA) into enterprise CI/CD pipelines. Develop and implement advanced Policy-as-Code (PaC) frameworks to enforce stringent security and compliance guardrails (e.g., NIST RMF, Zero Trust Architecture) across all cloud resources. 
• Enterprise Cloud Operations & Monitoring Strategy: Define and implement comprehensive monitoring, logging, and alerting strategies for cloud infrastructure and application deployments across the enterprise. Utilize and integrate native CSP tools (e.g., Azure Monitor, AWS CloudWatch, GCP Operations Suite) with centralized platforms (e.g., Splunk, Datadog) to provide a "single-pane-of-glass" view and predictive analytics. 
• DevSecOps Culture & Mentorship: Actively champion and lead the maturation of the DevSecOps culture within CDC teams, promoting advanced best practices in automation, collaboration, and security-first development. Provide expert technical guidance and mentorship to mid-level and junior engineers. 
• Vulnerability Management & Risk Mitigation: Lead the strategy and implementation of automated vulnerability scanning, assessment, and remediation processes for cloud infrastructure, containers, and applications, ensuring rapid patching and continuous security posture improvement. 
• Cross-Functional Leadership & Optimization: Lead collaborative efforts with development, operations, and security teams to identify and resolve complex bottlenecks, optimize enterprise workflows, and ensure seamless, secure integration across the end-to-end App Dev pipeline. 

Requirements 

• Bachelor’s Degree in Computer Science, Information Technology, or a related field, or 4+ years of equivalent relevant work experience. 
• 7+ years of progressive experience in a DevSecOps, DevOps, or SRE role, with a proven track record of architecting and leading CI/CD pipeline implementation and automation for large-scale environments. 
• Expert-level experience with at least one major cloud platform (Azure, AWS, or GCP), with a deep understanding of its advanced services, security best practices, and architectural patterns. 
• Extensive hands-on experience with Linux, Docker, and Kubernetes, including enterprise-level deployments and management. 
• Advanced proficiency with scripting languages such as Python, Bash, or Go, capable of developing complex automation frameworks. 
• Experience with version control systems like GitHub, GitLab, or Bitbucket, including advanced branching strategies and repository management. 
• Expert-level familiarity with agile methodologies and project management tools (e.g., Jira, ServiceNow, or Smartsheet), often in a leadership capacity. 
• In-depth understanding of federal cybersecurity frameworks (e.g., NIST RMF, Zero Trust Architecture) and their practical application in highly regulated environments. 
• Exceptional communication, collaboration, and problem-solving skills, with a proven ability to lead technical discussions and present complex solutions to diverse audiences. 
• Proven ability to work autonomously, lead initiatives, and drive significant organizational change. 

Desired Experience/Qualifications 

• Multiple relevant cloud certifications (e.g., Azure DevOps Engineer Expert, AWS Certified DevOps Engineer - Professional, GCP Professional Cloud DevOps Engineer, Certified Kubernetes Administrator, CISSP). 
• Extensive experience with security tools such as SonarQube, Red Hat Advanced Cluster Security (ACS), Microsoft Defender for Cloud, or similar, including their integration and optimization in enterprise pipelines. 
• Experience leading the integration of low-code/no-code platforms into automated pipelines. 
• Deep expertise in data management and governance principles within a multi-cloud context. 
• Significant experience in public health or other federal government environments, demonstrating an understanding of mission-critical environments and compliance.