DevSecOps Engineer
Not Disclosed•Full-TimeOn-site
location_onHoliday, 35, Omaha Street, Rapid City, Pennington County, South Dakota, 57701, United States
About the Team
Maximus Technology and Consulting Services (TCS) delivers critical solutions to government and commercial clients, focusing on secure, reliable, and scalable infrastructure. Within this team, we drive the evolution of DevSecOps practices to ensure robust security posture across complex network environments. Our mission is to integrate security seamlessly into the development lifecycle, enabling rapid deployment while maintaining the highest standards of compliance and operational resilience.
About the Role
This position serves as a pivotal link between development, security, and operations. You will be responsible for orchestrating incident response, vulnerability management, and compliance efforts within a high-stakes environment. The role involves designing and implementing automated security frameworks that leverage open-source solutions and scripting to replace manual processes. From managing certificate lifecycles and password policies to conducting penetration testing and security code reviews, you will ensure the integrity of our deployment tools and network infrastructure.
Your day-to-day work includes diagnosing root causes of security incidents using advanced monitoring tools, applying patches to DevOps tooling, and maintaining comprehensive operations runbooks to prevent recurring issues. You will also set up and monitor proxy servers, firewalls, and systems, ensuring strict adherence to access control policies. By researching cloud site reliability engineering trends and collaborating on automation improvements, you will help shape a secure, efficient, and future-ready technology landscape.
Hiring Process
Candidates selected for this role will undergo a rigorous vetting process designed to assess technical expertise and cultural fit. The process typically includes:
- Initial Screening: A review of qualifications, specifically focusing on clearance status and relevant certifications.
- Technical Assessment: A deep dive into your experience with DevSecOps, automation, and security protocols.
- Interviews: Conversations with hiring managers and team members to discuss specific scenarios and problem-solving approaches.
- Final Review: Clearance verification and final hiring decision.
Please note that an active Top Secret with SCI eligibility is a mandatory requirement for this position. Applicants must be prepared to discuss their clearance status and eligibility during the application phase.
Equal Opportunity & Culture
Maximus is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, genetic information, and other legally protected characteristics. We are committed to fostering a diverse and inclusive workplace where all employees can thrive.
Accommodations
Maximus provides reasonable accommodations to individuals requiring assistance during any phase of the employment process due to a disability, medical condition, or physical or mental impairment. If you require assistance at any stage of the employment process—including accessing job postings, completing assessments, or participating in interviews—please contact People Operations at applicantaccom@maximus.com.
Work location
Work model: On-site
Holiday, 35, Omaha Street, Rapid City, Pennington County, South Dakota, 57701, United States
Rapid City, South Dakota
Key Responsibilities
- check_circleConduct penetration testing and security code reviews
- check_circleManage end-user and administration access for access control
- check_circlePerform network and security analysis using monitoring tools
- check_circleCoordinate remediation patching and compliance efforts
- check_circleUpdate security procedures and maintain operations runbooks
- check_circleSet up and maintain proxy servers, systems, and firewalls
- check_circleCoordinate change requests and provide status updates
- check_circleDesign and implement automated security testing tools and frameworks
Requirements
- verifiedBS in Computer Science, IT, or related field
- verified10 years experience or multiple IT certifications
- verified8 years work-related experience
- verifiedActive Top Secret with SCI eligibility
- verifiedSecurity+ or DoD 8570 IAT-II certification
Nice to Have
Certified Kubernetes Application Developer (CKAD), Red Hat Certified Engineer (RHCE), Certified Jenkins Engineer (CJE), AWS Certified DevOps Engineer, Certified Kubernetes Engineer (CKA), GitLab Certified DevOps Professional, or similar certifications. Familiarity with technical aspects for IT and IAT-Level II Certifications. Experience with CI/CD pipelines, infrastructure as code, and containerization technologies. Expertise in cloud platforms, automation tools, scripting languages, and security testing tools. Understanding of AWS, Azure, or GCP and their security services. Understanding of USAF IT systems, networks, and platforms. Experience with Jenkins, GitLab CI, Azure DevOps, or similar tools for automating the build, test, and deployment process. Proficiency with tools like Terraform, Ansible, or CloudFormation to automate infrastructure provisioning and configuration. Familiarity with Docker, Kubernetes, and related technologies. Proficiency in scripting languages like Python, Bash, or PowerShell to automate security tasks and workflows. Experience with static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) tools, as well as vulnerability scanners. Solid understanding of network security principles, including firewalls, intrusion detection/prevention systems, and network segmentation. Familiarity with SIEM solutions (like Splunk or ELK) and log aggregation tools for security monitoring. Familiarity with Identity and Access Management (IAM) and Zero Trust (ZT) security models.
Benefits & Perks
check_circleHealth insurance coveragecheck_circleLife and disability insurancecheck_circleRetirement savings plancheck_circlePaid holidays and paid time offcheck_circleShort- and long-term incentives