Senior DevSecOps Engineer

T-Rex Solutions is seeking a Senior DevSecOps Engineer to support our FDIC customer. This role is primarily remote with potential for occasional meetings at FDIC HQ in Arlington, VA as needed.

Responsibilities:

• DevSecOps Engineering and Automation
  • Design, develop, implement, and maintain enterprise DevSecOps solutions that integrate development, security, testing, and operations capabilities.
  • Build and optimize CI/CD pipelines that support automated software builds, testing, security scanning, deployment, and release management.
  • Support software development teams by integrating security, compliance, and quality controls throughout the SDLC.
  • Develop and maintain Infrastructure as Code (IaC) solutions to automate provisioning, configuration, and management of cloud and on-premises infrastructure.
  • Implement automated deployment and configuration management processes to improve consistency, reliability, and scalability.
  • Participate in the design, configuration, testing, administration, and monitoring of enterprise DevSecOps toolchains.
  • Research, evaluate, and recommend emerging DevSecOps technologies, tools, frameworks, and best practices.
• Security Integration
  • Embed security controls and compliance requirements into all phases of the SDLC.
    
    • Integrate and maintain application security tools and processes, including: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container and image scanning, Secret detection and credential management, Infrastructure security scanning, and Fuzz testing
  • Support implementation of Zero Trust security principles across development and operational environments.
  • Ensure compliance with federal cybersecurity requirements and security engineering best practices.
  • Assist with vulnerability identification, remediation planning, risk mitigation, and security reporting.
  • Support audit readiness activities and compliance documentation requirements.
• Automated Testing and Quality Engineering
  
  • Develop and lead enterprise testing automation strategies integrated within DevSecOps pipelines.
  • Implement automated functional, integration, regression, performance, load, and security testing capabilities.
  • Enable self-service testing capabilities for product teams and development organizations.
  • Establish and maintain testing frameworks, automation standards, and quality assurance processes.
  • Define and implement test coverage metrics, quality gates, pass/fail criteria, and release readiness requirements.
  • Champion shift-left testing practices by integrating validation and testing activities early in the SDLC.
  • Promote continuous improvement of test plans, test data management processes, and automated testing frameworks.
  • Ensure traceability between requirements, work items, source code, test cases, vulnerabilities, risk mitigation activities, and releases.
  • Analyze and report testing outcomes, quality trends, vulnerabilities, and performance metrics to stakeholders and leadership.
• Technical Leadership
  
  • Provide technical leadership and mentorship to software engineers, DevSecOps practitioners, testers, and operations personnel.
  • Serve as a subject matter expert for DevSecOps methodologies, toolchains, automation frameworks, and software engineering best practices.
  • Support architecture reviews, design discussions, technical evaluations, and modernization initiatives.
  • Collaborate with Solution Architects, Security Architects, Product Owners, and technical teams to ensure alignment with organizational goals.

Requirements:

• Bachelor's degree in Computer Science, Software Engineering, Computer Engineering, Information Systems, Cybersecurity, or a related technical field.
• Minimum of 8 years of experience in software engineering, DevOps, DevSecOps, cloud engineering, cybersecurity engineering, or related disciplines.
• Demonstrated experience implementing DevSecOps practices within enterprise environments, supporting complex application development and modernization initiatives.
• Experience developing and maintaining CI/CD pipelines and deployment automation frameworks.
• Experience integrating automated testing and security controls into software delivery processes.
• Experience supporting hybrid cloud and on-premises environments.
• Strong understanding of Agile software development methodologies.
• Extensive experience with DevSecOps tools, automation frameworks, and software delivery platforms.
• Strong knowledge of Microsoft Azure
• Experience with the following toolset: GitHub Enterprise Server/Cloud, JFrog Artifactory, JFrog Xray, SonarQube, GitHub Advanced Security, GitHub Copilot, and Subject7
• Knowledge of containerization and infrastructure technologies including Azure Kubernetes Services (AKS), Virtual Machines, Application Gate Way, App Services, Key Vaults, ServiceNow, CyberArk, and Terraform
• Proficiency in one or more modern programming and scripting languages such as Java, C#, Python
• Experience with source code repositories, version control systems, and artifact management platforms.
• Strong understanding of:
  
  • Zero Trust Architecture
  • Application Security (AppSec)
  • NIST 800-53 security controls
  • Continuous Monitoring
  • Logging and Audit Requirements (M-21-31)
• Knowledge of enterprise testing frameworks and automated quality assurance practices.
• Strong written and verbal communication skills with demonstrated experience briefing senior-level personnel.
• Experience supporting Continuous Authority to Operate (ATO) initiatives.
• Ability to obtain and maintain a Public Trust, suitability determination, or other clearance level required.

Desired Skills:

• One or more of the following certifications are preferred:
  • Certified Kubernetes Administrator (CKA)
  • Certified Kubernetes Security Specialist (CKS)
  • Microsoft Azure DevOps Engineer Expert
  • Microsoft Azure Solutions Architect Expert
  • DevSecOps Foundation or equivalent certification

T-Rex Overview

Established in 1999, T-Rex Solutions, LLC is a proven mid-tier business providing data-centric mission services to the Federal government as it increasingly tries to secure and leverage the power of data. We design, integrate, secure, and deploy advanced technical solutions for our customers so they can efficiently fulfill their critical objectives. T-Rex offers both IT and professional services to numerous Federal agencies and is a leader in providing high quality and innovative solutions in the areas of Cloud and Infrastructure Services, Cyber Security, and Big Data Engineering.

T-Rex is constantly seeking qualified people to join our growing team. We have built a broad client base through our devotion to delivering quality products and customer service, and to do that we need quality individuals. But more than that, we at T-Rex are committed to creating a culture that supports the development of every employee's personal and professional lives. T-Rex has made a commitment to maintain the status of an industry leader in compensation packages and benefits which includes competitive salaries, performance bonuses, training and educational reimbursement, Transamerica 401(k) and Cigna healthcare benefits.

T-Rex is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, sex (including pregnancy and sexual orientation), parental status, national origin, age, disability, family medical history or genetic information, political affiliation, military service, or other non-merit based factors.

In compliance with pay transparency guidelines, the annual base salary range for this position is $100,000 - $170, 000. Please note that the salary information is a general guideline only. T-Rex considers factors such as (but not limited to) scope and responsibilities of the position, candidate’s work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer.

T-Rex offers a diverse and collaborative work environment, exciting opportunities for professional growth, and generous benefits, including: PTO available to use immediately upon joining (prorated based on start date), paid parental leave, individual and family health, vision, and dental benefits, annual budget for training, professional development and tuition reimbursement, and a 401(k) plan with company match fully vested after 60 days of employment among other benefits.