DevSecOps Engineer - IronSled - Clearance Required

Overview

LMI is looking for an expert DevSecOps Engineer to join our exciting and innovative team to support transforming and modernizing how the United States Army delivers software. 

This is a 100% remote role with quarterly travel for in person team planning and collaboration events. This position requires an active Secret clearance.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors—helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

Responsibilities

The DevSecOps Engineer will work as IronSled’s Deployment Engineer.  As a Deployment Engineer, you will be responsible for working with internal application teams to help them deploy onto IronSled in various environments.

IronSled is LMI’s DevSecOps platform that serves as the central hub for all software development projects. IronSled allows internal and external users to set up development environments with just a few clicks:• Access standardized tools and resources• Build applications using secure, pre-approved components• Deploy and manage applications throughout their lifecycle• Monitor application performance and security

Continuous Integration/Continuous Deployment (CI/CD):

• Design, implement, and manage CI/CD pipelines in Gitlab to ensure efficient and reliable software delivery.
• Integrate security tools and practices into CI/CD workflows to detect and mitigate risks early.
• Familiar with implementation of deployment strategies including blue/green, canary, and A/B testing.

Automation and Scripting:

• Develop and maintain automation scripts to streamline and enhance deployment processes.
• Advise on and implement configuration management tools for consistent environment setup.
• Develop and manage automated deployment and configuration of Kubernetes clusters.
• Support configuration of automated testing including functional, integration, end-to-end, resilience, and disaster recovery. 

Security Integration:

• Implement security measures and controls within CI/CD pipelines.
• Develop and employ automated, regular, pre and post-deployment security assessments and vulnerability scans and testing.
• Ensure compliance with Army and Department of Defense (DoD) security standards and policies.
• Provide direct technical input into security remediation documentation.

Monitoring and Incident Response:

• Set up and maintain monitoring and logging solutions to detect and respond to incidents in real-time.
• Collaborate with security teams to investigate and remediate security incidents and breaches.

Collaboration and Communication:

• Work closely with development, operations, and security teams to ensure seamless integration of security practices.
• Provide training and guidance to team members on security best practices and DevSecOps methodologies.
• Directly coordinate with Government service and resource providers to implement technical solutions.

Infrastructure as Code (IaC):

• Utilize AWS specific IaC tools (i.e. CloudFormation, SAM, CDK) to manage and provision infrastructure.
• Ensure infrastructure is secure, scalable, and compliant with Army requirements.

Risk Management:

• Identify and address potential security risks and vulnerabilities throughout the development lifecycle.
• Implement risk mitigation strategies and conduct regular risk assessments.

Compliance and Documentation:

• Ensure all systems and applications comply with relevant regulations and standards (e.g., NIST, FISMA, RMF).
• Provide DevSecOps technical input to comprehensive documentation of security practices, procedures, and incident response plans.

Performance Optimization:

• Optimize performance and scalability of applications and infrastructure.
• Conduct performance testing and implement improvements as needed.

Research and Development:

• Stay current with emerging technologies and security trends.
• Monitor and adapt to rapidly changing Government technologies and security trends.
• Evaluate and integrate new tools and technologies to enhance the security posture of Army systems.

Disaster Recovery and Organization Continuity:

• Collaborate with System Architect and Product Management to develop and maintain disaster recovery plans and organization continuity strategies.
• Conduct regular drills and tests to ensure preparedness for potential disruptions.

Software Development Support:

• Assist in the design, development, and deployment of secure software solutions.
• Coordinate with lead developers to ensure security is considered throughout the software development lifecycle (SDLC).

Qualifications

• Minimum of a SECRET security clearance
• Bachelor’s degree in Computer Science or related technical field 
• DoD 8570 IAT Level II Certification (SEC+ or other)
• 10+ years’ experience as a DevSecOps or Platform Engineer 
• Proven, demonstrated technology experience with enterprise CI/CD 
• Familiarization with programming best practices
• Ability to debug, optimize code, and automate routine tasks 
• Systematic problem-solving approach, coupled with effective communication skills and a sense of drive 
• Understanding of Unix/Linux operating systems 
• Demonstrated experience building continuous, automated build and deploy pipelines. 
• Demonstrated experience in conditional procedure of build and deploy pipeline based on security scans of source and artifact. 
• Capable of working with software development team and platform infrastructure team to provide meaningful guidance to both for code development and deployment. 
• In-depth knowledge of version control of release artifacts to facilitate upgrade rollout and rollback. 
• Strong understanding of containerization of web applications. 
• Understanding and familiarity with container orchestration engines such as K8s (EKS, AKS, GKE, Kops, OpenShift) 
• Demonstrated Experience with GitLab CI/CD. 
• Experience with bash shell scripting.
• Experience with AWS CI/CD tools and services. 
• Experience with Agile development methodologies and working with Agile teams.
• Ability to work in a highly collaborative team environment.

PREFERRED EXPERIENCE/SKILLS: 

• Master’s degree in science, technology, engineering, mathematics, computer science, economics, or related technical discipline
• AWS GovCloud experience is highly preferred. 
• SAFe certification and experience are a plus.
• Experience working in IL4 or equivalent secure environments.
• Experience with security requirements in a federal IT environment, including FedRAMP-certified providers and FISMA requirements for acquiring an ATO.
• Experience working in a consultant/client environment