Key skills
GitLab CI/CDDockerKubernetesCloud engineeringSecurity automationObservability stacksAutomated testingSoft skillsAWSGitLab CIGitLabZero Trust
About this role
MetroStar is a company dedicated to building exceptional teams and providing technology services. They are seeking a DevSecOps Engineer to build and maintain automation, pipelines, and containerized environments for C2SET modeling and simulation capabilities, ensuring the platform remains reliable and secure.
Responsibilities:
- Design, implement, and maintain GitLab CI / CD pipelines for M&S applications and services
- Integrate automated testing, code quality checks, SAST or DAST tools, vulnerability scanning, and deployment controls
- Build and manage Docker and Kubernetes clusters supporting simulation platforms on AWS and hybrid environments
- Operate secure cloud environments using IaC, configuration as code, and automated security controls
- Produce SBOMs, scan findings, and pipeline documentation to support RMF and ATO compliance
- Implement observability frameworks for logging, metrics, and tracing and resolve performance bottlenecks
- Provide remediation guidance for findings triggered by automated code and container scanning
- Support platform deployment and readiness events that may require TDY travel
- Work closely with developers, security engineers, and PMO to standardize and modernize legacy delivery workflows
Requirements:
- Active U.S. Government issued Secret security clearance
- Bachelor's degree in Computer Science, Engineering, Information Systems, or related field, or equivalent experience
- Minimum of 4 years of experience in cloud engineering or DevSecOps supporting containerized applications
- Hands on experience building and maintaining CI or CD pipelines using GitLab or a comparable toolchain
- Experience operating Docker and Kubernetes environments in production or mission settings
- Working knowledge of security automation and compliance in cloud platforms, including applying STIGs, RMF controls, or Zero Trust concepts
- Familiarity with observability stacks for logging, metrics, and tracing
- Ability to integrate automated testing, vulnerability scanning, and code quality checks into CI or CD pipelines