DevSecOps Engineer
Onsite – Richmond, VA 23235
Long-term Contract
Overview:
Brooksource is seeking a highly skilled DevSecOps Engineer for one of our government clients to design, build, and operationalize secure, automated delivery pipelines and cloud infrastructure as part of a major migration from on‑premise systems to AWS.
This role will partner across four IT teams to drive the transition from manual operations to fully automated, pipeline‑driven delivery using modern DevSecOps practices. This role will ensure that all workloads migrated into the target state are properly authenticated, authorized, logged, scanned, and auditable in alignment with applicable government security policies.
Qualifications:
Required
- Strong experience designing and implementing CI/CD pipelines across multiple toolchains.
- Experience with Git‑based workflows, branching strategies, and automated quality gates.
- Hands‑on experience with AWS services, cloud‑native deployment patterns, and containerized workloads.
- Proficiency with Terraform, CloudFormation, and Ansible.
- Experience integrating SAST/DAST, IaC scanning, and container security into pipelines.
- Strong understanding of secrets management, identity integration, and compliance‑driven DevSecOps.
- Experience automating infrastructure provisioning and configuration.
- Familiarity with CJIS, COV, or similar security frameworks.
Preferred
- Experience with a broad range of AWS services, including CloudFront, S3, Cloud Map, DataSync, CloudTrail, AppMesh, SQS, GuardDuty, AWS Inspector, Route 53, Security Groups, Subnets, Network ACLs, WAF, IAM, and VPC Endpoints.
- Experience migrating legacy middleware to containers or AWS ECS/EKS.
- Experience supporting COTS application deployment automation.
- Knowledge of OPA policy‑as‑code frameworks.
- Experience with multi‑cloud IaC patterns (AWS, Azure, GCP).
- Background in AI‑assisted DevOps, observability, or automated remediation.
- Relevant certifications such as AWS Solutions Architect, DevOps Engineer, Advanced Networking, Security Specialty, HashiCorp Terraform Associate, SRE Practitioner, or Kubernetes (CKA/CKAD)
Responsibilities:
CI/CD Pipeline & Secure Delivery Automation
- Design and implement CI/CD pipelines using AWS CodePipeline, CodeBuild, CodeDeploy, GitHub Actions, GitLab CI, or Jenkins with signed commits, and OWASP‑aligned quality gates.
- Integrate SAST/DAST, secret scanning, dependency scanning, and IaC scanning using SonarQube, Checkmarx, Veracode, etc.
- Build production‑ready pipelines for middleware containerization ECS Fargate with portability to Kubernetes.
- Create reusable pipeline templates supporting AWS workloads, open‑source tooling, and COTS product deployments.
- Implement automated testing gates using JUnit, pytest, SonarQube, and other vendor‑provided test harnesses.
- Enable blue/green and canary deployments with automated rollback strategies.
- Automate packaging, configuration, and deployment workflows for COTS applications.
- Apply AI‑assisted code analysis, test generation, and pipeline optimization to accelerate delivery and reduce defects and improve pipeline reliability.
DevSecOps Security, Compliance & Policy Automation
- Implement secrets management using AWS Secrets Manager, CyberArk, or HashiCorp Vault.
- Enforce IaC security scanning using Checkov, Terrascan, or policy‑as‑code tools.
- Build automated compliance checks aligned to CJIS Security Policy using OPA or cloud‑native policy engines.
- Implement container image scanning using Amazon ECR or equivalent enterprise scanning tools.
- Integrate identity and access controls (Okta, CyberArk , Microsoft/Azure AD) into provisioning and deployment workflows.
- Use AI‑driven threat detection, anomaly analysis, and automated remediation to strengthen pipeline and runtime security.
Infrastructure as Code, Automation & Cloud Operations
- Write and maintain IaC using Terraform, CloudFormation, and Ansible for AWS and multi‑cloud environments.
- Establish Git‑based IaC workflows with automated plan/apply pipelines using GitHub /GitLab.
- Convert manual infrastructure (VMware, network, storage) into IaC using Terraform providers, Ansible playbooks.
- Build self‑service infrastructure templates using Terraform modules, AWS Service Catalog.
- Maintain a reusable IaC module library supporting AWS and multi‑cloud patterns.
- Implement automation using AWS Systems Manager, Ansible Automation Platform.
- Build drift detection using Terraform Cloud/Enterprise, Atlantis, or AWS native tools.
- Automate account/project provisioning using AWS Service Catalog, AFT, Landing Zones.
- Build monitoring and alerting pipelines using CloudWatch, Prometheus/Grafana, Elastic Stack, Datadog, PagerDuty, or NewRelic.
- Apply AI/ML for predictive alerting, log correlation, and automated incident triage to reduce MTTR and improve operational resilience.
Disclaimer: Brooksource, Medasource, and Calculated Hire are part of the Eight Eleven Group family of companies and operate under Eight Eleven Group, LLC. All employees receive the same benefits, policies, and terms of employment.
EEO: We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, ancestry, age, disability, genetic information, marital status, military or veteran status, citizenship, pregnancy (including childbirth, lactation, and related conditions), or any other protected status in accordance with applicable federal, state, and local laws.
Benefits & Perks: Brooksource offers competitive medical, dental, vision, Health Savings Account, Dependent Care FSA, and supplemental coverage with plans that can fit each employee’s needs. We offer a 401k plan that includes a company match and is fully vested after you become eligible, paid time off, sick time, and paid company holidays. We also offer an Employee Assistance Program (EAP) that provides services like virtual counseling, financial services, legal services, life coaching, etc.
Pay Disclaimer: The pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Pay: $60.00 - $65.00 per hour
Benefits:
- Dental insurance
- Health insurance
- Vision insurance
Work Location: In person
