DevSecOps Site Reliability Engineer - Clearance Required

LMI is looking for an expert DevSecOps Site Reliability Engineer to join our exciting and innovative team to support transforming and modernizing how the United States Army delivers software.

The DevSecOps Site Reliability Engineer (SRE) is required to build and maintain IT infrastructure resources that serve the Command Digital and Artificial Intelligence Office's (CDAO) data analysis and data management requirements. The SRE brings a lacking but critical expertise to the CDAO's team on creating scalable, highly reliable, and secure infrastructure and software resources.

This is a 100% remote role with quarterly travel for in person team planning and collaboration events. This position requires an active Secret clearance.

LMI is a new breed of digital solutions provider dedicated to accelerating government impact with innovation and speed. Investing in technology and prototypes ahead of need, LMI brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed.

Leveraging our mission-ready technology and solutions, proven expertise in federal deployment, and strategic relationships, we enhance outcomes for the government, efficiently and effectively. With a focus on agility and collaboration, LMI serves the defense, space, healthcare, and energy sectors-helping agencies navigate complexity and outpace change. Headquartered in Tysons, Virginia, LMI is committed to delivering impactful results that strengthen missions and drive lasting value.

The DevSecOps Site Reliability Engineer will work as our first Site Reliability Engineering team member. As the initial member of this team, you will be working with IronSled to stand up our Production Support policies and escalation process.

IronSled is LMI's DevSecOps platform that serves as the central hub for all software development projects. IronSled allows internal and external users to set up development environments with just a few clicks:

* Access standardized tools and resources
* Build applications using secure, pre-approved components
* Deploy and manage applications throughout their lifecycle
* Monitor application performance and security

Continuous Integration/Continuous Deployment (CI/CD):

Design, implement, and manage CI/CD pipelines in Gitlab to ensure efficient and reliable software delivery.
• Integrate security tools and practices into CI/CD workflows to detect and mitigate risks early.
• Familiar with implementation of deployment strategies including blue/green, canary, and A/B testing.

Automation and Scripting:

• Develop and maintain automation scripts to streamline and enhance deployment processes.
• Advise on and implement configuration management tools for consistent environment setup.
• Develop and manage automated deployment and configuration of Kubernetes clusters.
• Support configuration of automated testing including functional, integration, end-to-end, resilience, and disaster recovery.

Security Integration:

• Implement security measures and controls within CI/CD pipelines.
• Develop and employ automated, regular, pre and post-deployment security assessments and vulnerability scans and testing.
• Ensure compliance with Army and Department of Defense (DoD) security standards and policies.
• Provide direct technical input into security remediation documentation.

Monitoring and Incident Response:

• Set up and maintain monitoring and logging solutions to detect and respond to incidents in real-time.
• Collaborate with security teams to investigate and remediate security incidents and breaches.
• Develop and maintain incident policies and procedures.
• Work directly with users and app teams to resolve production issues.

Collaboration and Communication:

• Work closely with development, operations, and security teams to ensure seamless integration of security practices.
• Provide training and guidance to team members on security best practices and DevSecOps methodologies.
• Directly coordinate with Government service and resource providers to implement technical solutions.

Infrastructure as Code (IaC):

• Utilize AWS specific IaC tools (i.e. CloudFormation, SAM, CDK) to manage and provision infrastructure.
• Ensure infrastructure is secure, scalable, and compliant with Army requirements.

Risk Management:

• Identify and address potential security risks and vulnerabilities throughout the development lifecycle.
• Implement risk mitigation strategies and conduct regular risk assessments.

Compliance and Documentation:

• Ensure all systems and applications comply with relevant regulations and standards (e.g., NIST, FISMA, RMF).
• Provide DevSecOps technical input to comprehensive documentation of security practices, procedures, and incident response plans.

Performance Optimization:

• Optimize performance and scalability of applications and infrastructure.
• Conduct performance testing and implement improvements as needed.

Research and Development:

• Stay current with emerging technologies and security trends.
• Monitor and adapt to rapidly changing Government technologies and security trends.
• Expand expertise in container technologies and orchestration platforms (e.g., Docker, Kubernetes) to improve deployment processes and system scalability

Disaster Recovery and Organization Continuity:

• Collaborate with System Architect and Product Management to develop and maintain disaster recovery plans and organization continuity strategies.
• Conduct regular drills and tests to ensure preparedness for potential disruptions.

Software Development Support:

• Assist in the design, development, and deployment of secure software solutions.
• Coordinate with lead developers to ensure security is considered throughout the software development lifecycle (SDLC).

• Minimum of a SECRET security clearance
• Bachelor's degree in Computer Science or related technical field
• DoD 8570 IAT Level II Certification (SEC+ or other)
• 10+ years' experience as a Site Reliability Engineer, DevSecOps, or Platform Engineer
• Proven, demonstrated technology experience with enterprise CI/CD
• Familiarization with programming best practices
• Ability to debug, optimize code, and automate routine tasks
• Systematic problem-solving approach, coupled with effective communication skills and a sense of drive
• Understanding of Unix/Linux operating systems
• Demonstrated experience building continuous, automated build and deploy pipelines
• Demonstrated experience in conditional procedure of build and deploy pipeline based on security scans of source and artifact
• Capable of working with software development team and platform infrastructure team to provide meaningful guidance to both for code development and deployment
• In-depth knowledge of version control of release artifacts to facilitate upgrade rollout and rollback
• Strong understanding of containerization of web applications
• Understanding and familiarity with container orchestration engines such as K8s (EKS, AKS, GKE, Kops, OpenShift)
• Demonstrated Experience with GitLab CI/CD
• Experience with bash shell scripting
• Experience with AWS CI/CD tools and services
• Experience with Agile development methodologies and working with Agile teams
• Ability to work in a highly collaborative team environment

PREFERRED EXPERIENCE/SKILLS:

• Master's degree in science, technology, engineering, mathematics, computer science, economics, or related technical discipline
• AWS GovCloud experience is highly preferred
• SAFe certification and experience are a plus
• Experience working in IL4 or equivalent secure environments
• Experience with security requirements in a federal IT environment, including FedRAMP-certified providers and FISMA requirements for acquiring an ATO
• Experience working in a consultant/client environment