Key skills
DevSecOpsCI/CD pipelinesGitHub ActionsGitLab CIJenkinsAzure DevOpsInfrastructure as CodeTerraformCloudFormationARM templatesSecurity scanningSASTDASTDependency scanningContainer scanningCloud platformsAWSAzureGCPCloud security best practicesDockerKubernetesLinuxScriptingBashPythonFederal security frameworksNISTFISMAFedRAMPDevSecOps toolsSonarQubeSnykTrivyCheckovAquaPrisma CloudRegulated environmentGovernment environmentSecurity clearancePrismaGitHubGitLabAgileScrumCI/CD
About this role
ICF is a global advisory and technology services provider, and they are seeking a DevSecOps Engineer to support a federal client by integrating security practices into cloud and application development workflows. The role involves assisting in the development and maintenance of CI/CD pipelines, supporting cloud infrastructure, and collaborating with various teams in an Agile/Scrum environment.
Responsibilities:
- Assist in the development, maintenance, and monitoring of CI/CD pipelines using tools such as GitHub Actions, GitLab CI, Jenkins, or Azure DevOps
- Support infrastructure as code (IaC) efforts using tools like Terraform, CloudFormation, or ARM templates
- Help integrate security scanning and compliance checks into build and deployment pipelines (SAST, DAST, dependency scanning, container scanning)
- Support cloud infrastructure in AWS, Azure, or GCP, with an emphasis on security best practices
- Assist with containerization efforts using Docker and orchestration platforms such as Kubernetes
- Monitor environments, logs, and alerts; assist with troubleshooting and incident response
- Document configurations, processes, and security controls to support audits and compliance requirements
- Collaborate with development, operations, and security teams in an Agile/Scrum environment
- Learn and apply federal security frameworks such as NIST, FISMA, and FedRAMP
Requirements:
- Must possess an active high level security clearance (TS)
- 2+ years of experience in DevOps, cloud engineering, systems engineering, or cybersecurity
- MUST RESIDE IN THE United States (U.S.) and the work MUST BE PERFORMED in the United States (U.S.), as this work is for a federal contract and laws do apply
- US Citizenship required due to a federal contract requirements
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or a related technical field
- Basic understanding of CI/CD concepts and DevOps practices
- Familiarity with at least one cloud platform (AWS, Azure, or GCP)
- Working knowledge of Linux and basic scripting (Bash, Python, or similar)
- Exposure to DevSecOps tools (e.g., SonarQube, Snyk, Trivy, Checkov, Aqua, Prisma Cloud)
- Experience with Docker and basic Kubernetes concepts
- Familiarity with NIST 800-53, FedRAMP, or other federal security standards
- Entry-level certifications such as AWS Cloud Practitioner, Azure Fundamentals, Security+, or similar
- Experience supporting applications in a regulated or government environment