[Hiring] DevSecOps Lead @Halvik

Role Description

The DevSecOps Lead is responsible for architecting, securing, and operating GitLab Enterprise pipelines within the Army's ECMA (cARMY) cloud environment. This role ensures deterministic, repeatable, and fully auditable build and deployment workflows across containerized services, EC2-based runners, ECS-deployed applications, and Postgres-backed systems. The position is central to maintaining enterprise-grade DevSecOps readiness, enforcing compliance controls, and enabling rapid, reliable delivery of mission software.

Responsibilities:

• Pipeline Architecture & Operations
  • Design, implement, and maintain GitLab Enterprise CI/CD pipelines for Java/Spring Boot and containerized applications.
  • Manage EC2-based GitLab runners, autoscaling groups, and secure execution environments.
  • Build and maintain deployment workflows targeting Amazon ECS (Fargate or EC2 launch types).
  • Implement artifact versioning, promotion workflows, and environment-specific deployment gates.
  • Ensure pipelines support deterministic AI-generated code integration and reproducible builds.
• Security, Compliance & cARMY Integration
  • Ensure all pipelines comply with Army ECMA/cARMY security policies, boundary controls, and audit requirements.
  • Integrate STIG-aligned scanning, dependency checks, SAST/DAST, and container security tooling.
  • Maintain traceability and documentation required for ATO, RMF, and continuous monitoring.
  • Enforce least-privilege IAM roles, credential management, and secure secrets handling.
• Automated Testing & Quality Gates
  • Integrate JUnit, mocking frameworks, and automated test suites into CI/CD workflows.
  • Ensure pipelines enforce quality gates before merge, promotion, or deployment.
  • Support integration testing, smoke testing, and environment validation steps.
• Infrastructure & Environment Management
  • Manage container registries, image hardening, and secure image lifecycle.
  • Support ECS service deployments, task definitions, and container orchestration workflows.
  • Coordinate EC2, VPC, networking, IAM, and ECS cluster configurations with platform teams.
  • Support Postgres database provisioning, migrations, and pipeline-driven schema updates.
  • Maintain environment parity across dev, test, staging, and production.
• Cross-Team Collaboration
  • Work closely with developers, integration teams, QA, cybersecurity, and platform engineering.
  • Provide guidance on pipeline readiness, deployment blockers, and DevSecOps best practices.
  • Support release readiness reviews and operational documentation.

Qualifications

• 10+ years experience in software development, DevOps, or platform engineering.
• 5+ years hands-on experience with GitLab CI/CD in enterprise environments.
• Experience operating pipelines with containers, EC2 runners, ECS deployments, and Postgres.
• Strong background in secure DevSecOps practices, automated testing, and pipeline governance.
• Familiarity with DoD cloud environments, preferably cARMY / ECMA.
• Experience integrating SAST/DAST, dependency scanning, and container security tools.
• Strong understanding of microservices, container orchestration, and cloud networking.

Education

• Bachelor's degree in Computer Science, Information Systems, Software Engineering, or related field.
• Master's degree preferred.

Clearance

• Active Secret security clearance required.

Benefits

• Company-supported medical, dental, vision, life, STD, and LTD insurance.
• Benefits include 11 federal holidays and PTO.
• Eligible employees may receive performance-based incentives in recognition of individual and/or team achievements.
• 401(k) with company matching.
• Flexible Spending Accounts for commuter, medical, and dependent care expenses.
• Tuition Assistance.
• Charitable Contribution matching.