Job Summary: Research, develop, implement, and maintain DevSecOps processes and tools to automate the integration and deployment of complex DoD cybersecurity software applications. Maintain deployment of multiple software baselines with custom Virtual Machine (VM) and container configurations development, testing, and deployment activities. Ensure the DevSecOps environment facilitates designing, implementing, deploying, and executing automated tests, and investigating new DevSecOps and related technologies. New technologies and processes will be added to the corporate DevSecOps environment to transition between projects and programs. Collect, process, and present build, network, security, systematic, performance, and other information and metrics to show automation improvements or degradations over time. Migrate legacy DevOps/IA/IT capabilities to new systems without losing project history or documentation. Balance hybrid cloud distribution between private corporate infrastructure and public clouds. Support business development and proposal efforts with DevSecOps expertise. Possess the ability to work independently and transition between programs to provide backfill or permanent support.
Essential Job Functions:
- Ability to perform many duties involving DevSecOps functions including, but not limited to, authoring and maintaining automation deployment and monitoring scripts, developing and maintaining security controls and systems, managing virtualized assets, creating virtual and physical network configurations, servers, communications, and test and developer engineering support.
- Must be able to author and maintain scripts in a variety of languages. Work products must be configuration managed.
- Analyze real world problems and implement solutions according to corporate guidelines and procedures, DoD DevSecOps guidance, and industry best practices.
- Assures system stability, accessibility, and proper configuration of assigned technical systems and components.
Desired Job Functions:
- Monitor, maintain, install, and support networked virtual and physical machines, software applications, security controls and appliances, and peripheral equipment; provides professional-level IT, virtual environment, and network support functions;
- Assist software developers, integration, and test engineers;
- Maintain a lab environment with cybersecurity policies and procedures.
- Trouble-shoot capabilities to diagnose system problems; analyze hardware and software functionality; identify, locate, resolve and repair problems within scope authority. Document and present performance records and results.
- Audit, document, present, and archive cybersecurity information. Document problems/issues via IT ticketing system/tracking log.
- Review and update all information security management system process and procedures (data/software).
- Support periodic scanning of lab machines (as required by RMF/DIACAP) - review and mitigation of findings such as anti-virus and other application updates.
Required Skills:
- Experience implementing DevSecOps, DevOps, or IT or Security automation supporting multiple teams.
- Knowledge of and ability to implement cloud vendor best practices.
- Our environments are primarily built with VMware, Kubernetes, OpenShift, Linux, and AWS.
- Experience with private and hybrid cloud design/operation/monitoring/deployment:
- VMware vCenter and ESXi, generally maintained at the most current version.
- Knowledge of or ability to learn Kubernetes, Google Cloud Platform, Google Kubernetes Engine (GKE) On Prem, Kubernetes, and Docker.
- Knowledge of or ability to learn OpenShift.
- Knowledge of or ability to learn VMware Orchestrator to automate deployment and destruction of virtual machine, network, and other virtualized assets in VMware environments.
- Knowledge of or ability to learn Amazon Web Services.
- Ability to manage Java enterprise web services.
- Use scripting languages for automation, administration, data collection and reporting. This job requires the ability to write, test, debug, deploy, and sustain scripts.
- Configuration manage, version control, and backup various scripts and work products created to execute and maintain the environment.
- Design real world representative systems and automated unit level functional and performance tests within those representative environments.
- Review and update all lab process and procedures, policies, and supporting infrastructure.
- Audit and reporting of system and performance and security logs.
- Respond professionally, effectively, and efficiently to service requests.
- Prioritize multiple tasks, projects, and demands.
- Lead small projects to research and/or implement new technologies.
- Support DevSecOps and related technologies business development and proposal efforts such as authoring proposal sections and creating process diagrams.
- Effective interpersonal and communications skills.
- Professionally convey system-wide performance information routinely via tools such as PowerPoint, Excel, Visio, Jira, Confluence, etc.
- Train others to perform similar DevSecOps and automation tasks. Support a corporate library of knowledge by maintaining and evangelizing content.
- Interact with developers to understand software changes that will impact development and testing activities, examine any relevant change implementation, then report the changes to developers and testers welcoming feedback for future improvements.
- Operating and maintaining computer and peripheral equipment safely and competently.
- Solving technical problems involving a variety of integrated software and hardware platforms.
- Excellent communications skills and the ability to work well in a team environment.
Desired Skills:
- Experience with Atlassian tools (Bamboo, BitBucket, Confluence, JIRA, etc.), Jenkins, Puppet, and Git.
- Familiarity with cloud vendors’ products, tools, and APIs such as: VMware, CentOS/RedHat, Microsoft, Google, Amazon, Azure, and others.
- Ability to design and implement self-service portals for conducting DevSecOps or IT related activities.
- Photon OS or similar containerizing experience for deploying, monitoring, and managing containers in a VMware environment.
- Java software development experience or C#/.Net development and/or deployment skills, particularly with Azure services.
- Ability to manage web services.
- Prior or current experience with Agile development processes.
- Ability to write or modify web server-side scripting languages and files.
- DevSecOps, Agile, VMware, Microsoft, RedHat, AWS, and any other relevant IT or security certifications.
- Experience with Graylog, ELK, or similar syslog capability.
- Knowledge of or experience with Risk Management Framework (RMF), DoD Information Assurance Certification and Accreditation Process (DIACAP), and National Institute of Standards And Technology (NIST) or similar best practices and security guidelines.
- Ability to assist others with getting certifications, such as proving guidance, tutelage, sandboxes, or cooperation.
Required Education/Experience:
- Associate or bachelor’s degree in a technical discipline such as computer science or information technology from an accredited college or university.
- Five years of work experience preferred.
- Certifications are a definite plus or working towards a certification(s).
Other Requirements: Please note that pursuant to a government contract, this specific position requires U. S. Citizenship status with a TOP SECRET/SCI security clearance. Security Clearance requirements will be specified in the Government's Task Order.
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. The above is intended to describe the general contents of and requirements for the performance of this job.