DevSecOps Engineer

Requirements

Must have:

- We require a bachelors degree in computer science, cybersecurity, information technology, engineering, mathematics, or a closely related discipline.

• We require at least 4 years of experience applying DevSecOps practices in cloud or hybrid environments.
• We require at least 4 years of experience building or supporting CI/CD pipelines with tools such as Jenkins, GitLab CI, GitHub Actions, or Azure DevOps.
• We require at least 2 years of experience embedding application security testing, dependency analysis, secrets detection, or container security into delivery pipelines.
• We require at least 3 years of experience with AWS, Azure, or GCP, along with infrastructure as code tools such as Terraform, CloudFormation, or Ansible.
• We require the ability to work on site in the DMV area up to 5 days per week.
• We require the ability to travel approximately 20% based on client and business needs.
• We require legal authorization to work in the United States without current or future employer sponsorship.
• We value strong communication, collaboration, attention to detail, professionalism, and the ability to manage multiple priorities in a fast-paced environment.
• We prefer experience supporting federal, state, local, or higher education environments.
• We prefer familiarity with NIST 800-53, the NIST Secure Software Development Framework, FedRAMP, or Zero Trust requirements.
• We prefer experience with container platforms and orchestration security, such as Docker, Kubernetes, or OpenShift.
• We prefer experience with security tools such as SonarQube, Snyk, Prisma Cloud, Aqua, or similar platforms.
• We prefer scripting and automation experience using Python, PowerShell, Bash, or Go.
• We prefer relevant certifications such as CISSP, CCSP, AWS Certified Security - Specialty, Microsoft Azure Security Engineer Associate, or CKS.

Responsibilities:

- We design and implement DevSecOps methods that weave security controls into development, build, release, and deployment processes.

• We build and maintain CI/CD pipelines with automated security testing, code analysis, dependency scanning, and secrets detection.
• We support cloud and platform engineering teams with secure configuration, infrastructure as code, container protection, and identity and access management practices.
• We partner with application developers, architects, and cyber professionals to resolve vulnerabilities, improve secure coding, and reinforce release governance.
• We produce technical documentation, implementation deliverables, and progress updates that support delivery, audit readiness, and stakeholder decisions.
• We lead projects or workstreams as needed while balancing priorities and meeting deadlines.
• We provide clear direction to teammates and collaborate effectively across technical and business groups.

Company:

We are Deloittes Government & Public Services practice, and our Enterprise Security team helps clients secure and modernize software delivery by building security into every stage of digital transformation. Our work supports federal, state, and local government organizations as well as public higher education institutions, with a focus on mission-driven outcomes, cloud security, application security, secure development, and emerging technologies.

This Senior

Consultant role is part of our GPS Cyber team and is based in the DMV area, with onsite work expected up to five days per week and some travel required.

We offer a competitive compensation range and eligibility for an annual incentive program, depending on role level and performance.