Cloud DevSecOps Engineer

Job Family:

Travel Required:

Clearance Required:

What You Will Do:

• Design, implement, and maintain gated, test-driven CI/CD pipelines using Harness and AWS-native tools.

• Implementing infrastructure-as-code and configuration-as-code best practices to govern and automate cloud infrastructure and configuration for the application.

• Automate builds and deployments for backend microservices, React frontend, and APIs.

• Integrate automated testing, static code analysis, and security scanning tools.

• Manage deployments across multiple environments (Dev, Test, Staging, Prod) in AWS.

• Work with EKS (Kubernetes), ECS, and AWS API Gateway for cloud-native deployments.

• Hands-on configuration and administration of the application's cloud components, including RDS, Lambda, and AWS API Gateway.

• Use GitHub Enterprise for source control, branch protection, and administering the team's branching and builds.

• Integrate code and artifact scanning tools in the pipeline (SonarQube, Checkmarx, Prisma Cloud, and Sonatype Lifecycle) and automate scans.

• Configure and manage service accounts with least privilege access across tools.

• Use HashiCorp Vault (Nautilus) for credential management and access control.

• Ensure logging and monitoring (Splunk, CrowdStrike, Tenable Nessus, Flexera).

• Collaborate with developers and architects to align pipeline with system architecture.

• Implement application patching, release deployment, maintenance, while maintaining security best practices.

• Maintain compliance with USCIS DevSecOps policies and governance standards.

What You Will Need:

• U.S. Citizenship and ability to obtain a Public Trust clearance.

• Bachelor's degree and Ten (10) years of relevant experience Or Master's degree and Eight (8) years of relevant experience.

• Strong experience with AWS services:  Lambda, RDS, API Gateway, ECR.

• Extensive experience with AWS EKS / Kubernetes administration.

• Strong experience supporting teams developing containerized microservices.

• Proficiency in CI/CD pipeline tools and scripting (Harness).

• Strong experience with containerization and Kubernetes (EKS), deploying microservices.

• Familiarity with automated testing and static analysis tools (SonarQube, Checkmarx).

• Experience with artifact management (Nexus Repository, Sonatype Lifecycle).

• Knowledge of credential management using HashiCorp Vault.

• Strong understanding of Agile methodologies and feature branch workflows in Git.

• Experience with gated releases and deployments, including into a production environment.

• Ability to work independently and communicate effectively with technical teams.

• Must be able to work from Guidehouse HQ Tysons Office approximately 1 day per week and Client Office in Camp Springs, MD approximately 1-2 days a week.

What Would Be Nice To Have:

Certifications (Not Required, but Common for Strong Candidates):

• AWS Certified DevOps Engineer - Professional

• AWS CloudOps Engineer

• AWS Certified Solutions Architect – Associate 

• Certified Kubernetes Administrator (CKA) or KCA

• HashiCorp Certified: Vault Associate 

Preferred/Optional Skills & Experience:

• Experience with Prisma Cloud container scanning

• Familiarity with monitoring tools: Splunk, New Relic, Prometheus, Grafana

• Exposure to security tools: CrowdStrike, Tenable Nessus, Flexera

• Experience with service