DevSecOps Engineer
Not Disclosed•Full-TimeOn-site
location_onSaint Stephens African Methodist Episcopal Church, Red Cross Street, Brooklyn, Wilmington, New Hanover County, North Carolina, 28401, United States
About the Team
Maximus Technology and Consulting Services (TCS) operates at the intersection of advanced technology and critical national security. Our team is dedicated to securing the infrastructure that powers essential government operations, ensuring resilience, compliance, and continuous availability for high-stakes environments. We foster a culture of innovation where automation and rigorous security practices converge to protect sensitive data and systems.
About the Role
As a DevSecOps Engineer within our TCS division, you will serve as a pivotal force in hardening our security posture while driving operational efficiency. This role exists to bridge the gap between development, security, and operations, ensuring that security is embedded into every stage of the software and infrastructure lifecycle. You will not only manage incident response and vulnerability remediation but also architect the automated frameworks that prevent issues before they arise.
Your day-to-day involves a dynamic blend of strategic planning and hands-on execution. You will design and implement automated security testing tools, conduct penetration tests, and perform deep-dive root cause analysis on network and security incidents. Beyond technical troubleshooting, you will collaborate with cross-functional teams to replace manual processes with robust, script-driven solutions, maintaining comprehensive runbooks and updating security procedures to stay ahead of emerging threats. This position requires a unique blend of technical expertise and the ability to navigate complex compliance landscapes, particularly within USAF IT systems.
Hiring Process
Candidates selected for this role must possess an active Top Secret with SCI eligibility. The interview process is designed to assess both technical proficiency and cultural fit within our security-focused environment. Selected candidates will undergo a rigorous vetting process commensurate with the sensitivity of the work. For specific details on the interview stages, please refer to the communication from our recruiting team upon application submission.
Equal Opportunity & Accommodations
Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information, and other legally protected characteristics. We are committed to fostering a diverse and inclusive workplace.
Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process—including accessing job postings, completing assessments, or participating in interviews—please contact People Operations at applicantaccom@maximus.com.
Work location
Work model: On-site
Saint Stephens African Methodist Episcopal Church, Red Cross Street, Brooklyn, Wilmington, New Hanover County, North Carolina, 28401, United States
Wilmington, North Carolina
Key Responsibilities
- check_circleConduct penetration testing and security code reviews
- check_circleManage end-user and administration access for access control
- check_circlePerform network and security analysis using monitoring tools
- check_circleCoordinate remediation patching and compliance efforts
- check_circleUpdate security procedures and maintain operations runbooks
- check_circleSet up and maintain proxy servers, systems, and firewalls
- check_circleCoordinate change requests and provide status updates
- check_circleDesign and implement automated security testing tools and frameworks
Requirements
- verifiedBS in Computer Science, IT, or related field
- verified10 years experience or multiple IT certifications
- verified8 years work-related experience
- verifiedActive Top Secret with SCI eligibility
- verifiedSecurity+ or DoD 8570 IAT-II certification
Nice to Have
Certified Kubernetes Application Developer (CKAD), Red Hat Certified Engineer (RHCE), Certified Jenkins Engineer (CJE), AWS Certified DevOps Engineer, Certified Kubernetes Engineer (CKA), GitLab Certified DevOps Professional, or similar certifications. Familiarity with technical aspects for IT and IAT-Level II Certifications. Experience with CI/CD pipelines, infrastructure as code, and containerization technologies. Expertise in cloud platforms, automation tools, scripting languages, and security testing tools. Understanding of AWS, Azure, or GCP and their security services. Understanding of USAF IT systems, networks, and platforms. Experience with Jenkins, GitLab CI, Azure DevOps, or similar tools for automating the build, test, and deployment process. Proficiency with tools like Terraform, Ansible, or CloudFormation to automate infrastructure provisioning and configuration. Familiarity with Docker, Kubernetes, and related technologies. Proficiency in scripting languages like Python, Bash, or PowerShell to automate security tasks and workflows. Experience with static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) tools, as well as vulnerability scanners. Solid understanding of network security principles, including firewalls, intrusion detection/prevention systems, and network segmentation. Familiarity with SIEM solutions (like Splunk or ELK) and log aggregation tools for security monitoring. Familiarity with Identity and Access Management (IAM) and Zero Trust (ZT) security models.
Benefits & Perks
check_circleHealth insurance coveragecheck_circleLife and disability insurancecheck_circleRetirement savings plancheck_circlePaid holidays and paid time offcheck_circleShort- and long-term incentives