T-Rex Solutions, LLC is a mid-tier business providing data-centric mission services to the Federal government. They are seeking a Senior DevSecOps Engineer to support their FDIC customer by designing and maintaining enterprise DevSecOps solutions, integrating security throughout the software development lifecycle, and providing technical leadership to teams.
Responsibilities:
- Design, develop, implement, and maintain enterprise DevSecOps solutions that integrate development, security, testing, and operations capabilities
- Build and optimize CI/CD pipelines that support automated software builds, testing, security scanning, deployment, and release management
- Support software development teams by integrating security, compliance, and quality controls throughout the SDLC
- Develop and maintain Infrastructure as Code (IaC) solutions to automate provisioning, configuration, and management of cloud and on-premises infrastructure
- Implement automated deployment and configuration management processes to improve consistency, reliability, and scalability
- Participate in the design, configuration, testing, administration, and monitoring of enterprise DevSecOps toolchains
- Research, evaluate, and recommend emerging DevSecOps technologies, tools, frameworks, and best practices
- Embed security controls and compliance requirements into all phases of the SDLC
- Integrate and maintain application security tools and processes, including: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container and image scanning, Secret detection and credential management, Infrastructure security scanning, and Fuzz testing
- Support implementation of Zero Trust security principles across development and operational environments
- Ensure compliance with federal cybersecurity requirements and security engineering best practices
- Assist with vulnerability identification, remediation planning, risk mitigation, and security reporting
- Support audit readiness activities and compliance documentation requirements
- Develop and lead enterprise testing automation strategies integrated within DevSecOps pipelines
- Implement automated functional, integration, regression, performance, load, and security testing capabilities
- Enable self-service testing capabilities for product teams and development organizations
- Establish and maintain testing frameworks, automation standards, and quality assurance processes
- Define and implement test coverage metrics, quality gates, pass/fail criteria, and release readiness requirements
- Champion shift-left testing practices by integrating validation and testing activities early in the SDLC
- Promote continuous improvement of test plans, test data management processes, and automated testing frameworks
- Ensure traceability between requirements, work items, source code, test cases, vulnerabilities, risk mitigation activities, and releases
- Analyze and report testing outcomes, quality trends, vulnerabilities, and performance metrics to stakeholders and leadership
- Provide technical leadership and mentorship to software engineers, DevSecOps practitioners, testers, and operations personnel
- Serve as a subject matter expert for DevSecOps methodologies, toolchains, automation frameworks, and software engineering best practices
- Support architecture reviews, design discussions, technical evaluations, and modernization initiatives
- Collaborate with Solution Architects, Security Architects, Product Owners, and technical teams to ensure alignment with organizational goals
Requirements:
- Bachelor's degree in Computer Science, Software Engineering, Computer Engineering, Information Systems, Cybersecurity, or a related technical field
- Minimum of 8 years of experience in software engineering, DevOps, DevSecOps, cloud engineering, cybersecurity engineering, or related disciplines
- Demonstrated experience implementing DevSecOps practices within enterprise environments, supporting complex application development and modernization initiatives
- Experience developing and maintaining CI/CD pipelines and deployment automation frameworks
- Experience integrating automated testing and security controls into software delivery processes
- Experience supporting hybrid cloud and on-premises environments
- Strong understanding of Agile software development methodologies
- Extensive experience with DevSecOps tools, automation frameworks, and software delivery platforms
- Strong knowledge of Microsoft Azure
- Experience with the following toolset: GitHub Enterprise Server/Cloud, JFrog Artifactory, JFrog Xray, SonarQube, GitHub Advanced Security, GitHub Copilot, and Subject7
- Knowledge of containerization and infrastructure technologies including Azure Kubernetes Service (AKS), Virtual Machines, Application Gateway, App Services, Key Vaults, ServiceNow, CyberArk, and Terraform
- Proficiency in one or more modern programming and scripting languages such as Java, C#, or Python
- Experience with source code repositories, version control systems, and artifact management platforms
- Strong understanding of: Zero Trust Architecture, Application Security (AppSec), NIST 800-53 security controls, Continuous Monitoring, Logging and Audit Requirements (M-21-31)
- Knowledge of enterprise testing frameworks and automated quality assurance practices
- Strong written and verbal communication skills with demonstrated experience briefing senior-level personnel
- Experience supporting Continuous Authority to Operate (ATO) initiatives
- Ability to obtain and maintain a Public Trust, suitability determination, or other clearance level required
- One or more of the following certifications is preferred: Certified Kubernetes Administrator (CKA), Certified Kubernetes Security Specialist (CKS), Microsoft Azure DevOps Engineer Expert, Microsoft Azure Solutions Architect Expert, DevSecOps Foundation or equivalent certification