Sr DevSecOps Engineer

Company Description

Citizant is a leading provider of professional IT services to the U.S. government. We seek to address some of our country's most pressing challenges in the areas of Agile application development, Enterprise Data Management, Enterprise Architecture, and Program Management support services - focusing on the U.S. Departments of Homeland Security and Treasury. We strive to hire only ethical, talented, passionate, and committed "A Players" who already align with the company's core values: Drive, Excellence, Reputation, Responsibility, and a Better Future. No matter how large we grow, Citizant will retain its collaborative, supportive, small-company culture, where successful team effort to address external and internal customer challenges is valued above all individual contributions.

Key Responsibilities

DevSecOps Engineering and Automation

• Design, develop, implement, and maintain enterprise DevSecOps solutions that integrate development, security, testing, and operations capabilities.
• Build and optimize CI/CD pipelines that support automated software builds, testing, security scanning, deployment, and release management.
• Support software development teams by integrating security, compliance, and quality controls throughout the SDLC.
• Develop and maintain Infrastructure as Code (IaC) solutions to automate provisioning, configuration, and management of cloud and on-premises infrastructure.
• Implement automated deployment and configuration management processes to improve consistency, reliability, and scalability.
• Participate in the design, configuration, testing, administration, and monitoring of enterprise DevSecOps toolchains.
• Research, evaluate, and recommend emerging DevSecOps technologies, tools, frameworks, and best practices.

Security Integration

• Embed security controls and compliance requirements into all phases of the SDLC.
• Integrate and maintain application security tools and processes, including: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container and image scanning, Secret detection and credential management, Infrastructure security scanning, and Fuzz testing
• Support implementation of Zero Trust security principles across development and operational environments.
• Ensure compliance with federal cybersecurity requirements and security engineering best practices.
• Assist with vulnerability identification, remediation planning, risk mitigation, and security reporting.
• Support audit readiness activities and compliance documentation requirements.

Automated Testing and Quality Engineering

• Develop and lead enterprise testing automation strategies integrated within DevSecOps pipelines.
• Implement automated functional, integration, regression, performance, load, and security testing capabilities.
• Enable self-service testing capabilities for product teams and development organizations.
• Establish and maintain testing frameworks, automation standards, and quality assurance processes.
• Define and implement test coverage metrics, quality gates, pass/fail criteria, and release readiness requirements.
• Champion shift-left testing practices by integrating validation and testing activities early in the SDLC.
• Promote continuous improvement of test plans, test data management processes, and automated testing frameworks.
• Ensure traceability between requirements, work items, source code, test cases, vulnerabilities, risk mitigation activities, and releases.
• Analyze and report testing outcomes, quality trends, vulnerabilities, and performance metrics to stakeholders and leadership.

Technical Leadership

• Provide technical leadership and mentorship to software engineers, DevSecOps practitioners, testers, and operations personnel.
• Serve as a subject matter expert for DevSecOps methodologies, toolchains, automation frameworks, and software engineering best practices.
• Support architecture reviews, design discussions, technical evaluations, and modernization initiatives.
• Collaborate with Solution Architects, Security Architects, Product Owners, and technical teams to ensure alignment with organizational goals.

Required Qualifications

Experience

Senior Level III

• Minimum of 8 years of experience in software engineering, DevOps, DevSecOps, cloud engineering, cybersecurity engineering, or related disciplines.
• Demonstrated experience implementing DevSecOps practices within enterprise environments.
• Experience supporting complex application development and modernization initiatives.
• Experience developing and maintaining CI/CD pipelines and deployment automation frameworks.
• Experience integrating automated testing and security controls into software delivery processes.
• Experience supporting hybrid cloud and on-premises environments.
• Strong understanding of Agile software development methodologies.
• Extensive experience with DevSecOps tools, automation frameworks, and software delivery platforms.
• Strong knowledge of Microsoft Azure
• Experience with the following toolset: GitHub Enterprise Server/Cloud, JFrog Artifactory, JFrog Xray, SonarQube, GitHub Advanced Security, GitHub Copilot, and Subject7
• Knowledge of containerization and infrastructure technologies including Azure Kubernetes Services (AKS), Virtual Machines, Application Gate Way, App Services, Key Vaults, ServiceNow, CyberArk, and Terraform
• Proficiency in one or more modern programming and scripting languages such as: Java, C#, Python
• Experience with source code repositories, version control systems, and artifact management platforms.
• Strong understanding of: Zero Trust Architecture, Application Security (AppSec), NIST 800-53 security controls, Continuous Monitoring, Logging and Audit Requirements (M-21-31)
• Knowledge of enterprise testing frameworks and automated quality assurance practices.
• Excellent analytical, troubleshooting, and problem-solving skills.
• Strong written and verbal communication skills with demonstrated experience briefing senior-level personnel.
• Experience supporting Continuous Authority to Operate (ATO) initiatives.

Education

• Bachelor's degree in Computer Science, Software Engineering, Computer Engineering, Information Systems, Cybersecurity, or a related technical field.
• Equivalent combinations of education, certifications, training, and relevant experience may be considered.

Preferred Qualifications

• Experience supporting federal agencies

Preferred Certifications

• One or more of the following certifications are preferred:
• Certified Kubernetes Administrator (CKA)
• Certified Kubernetes Security Specialist (CKS)
• Microsoft Azure DevOps Engineer Expert
• Microsoft Azure Solutions Architect Expert
• DevSecOps Foundation or equivalent certification

Clearance Requirements

• Ability to obtain and maintain a Public Trust, suitability determination, or other clearance level required by the contract.

Citizant offers a competitive benefits package, including:

• Medical, dental, and vision insurance
• 401(k)
• Generous PTO
• Company-paid life and disability insurance
• Flexible Spending Accounts (FSA)
• Employee Assistance Program (EAP)
• Tuition Assistance & Professional Development Program

Additional information

Citizant strives to be an employer of choice in the Washington metropolitan area. Citizant associates accept challenging and rewarding work and in return receive excellent compensation and benefits, as well as the opportunity for personal and professional development.

Citizant is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.