DevSecOps Engineer

Kforce has a client seeking a DevSecOps Engineer to design, implement, and maintain secure CI/CD pipelines. The role involves integrating security scanning and vulnerability management into development workflows, automating infrastructure provisioning, and collaborating with development, QA, security, and operations teams. The engineer will ensure security is embedded throughout the SDLC and support containerization, orchestration, and cloud environments with a strong focus on security best practices.

Must Have

• Design, implement, and maintain secure CI/CD pipelines.
• Integrate security scanning, compliance checks, and vulnerability management.
• Automate infrastructure provisioning, configuration, and application deployment.
• Collaborate with development, QA, security, and operations teams.
• Support and enhance containerization, orchestration, and cloud environments with security best practices.
• Experience with GitHub, GitHub Actions, Jenkins, SonarQube, Fortify.
• Experience setting up artifact repositories (Nexus, JFrog, ECR).
• Strong understanding of Infrastructure as Code (IaC) concepts and tooling (Terraform or CloudFormation).
• Scripting in Bash, Python, Groovy.
• Cloud experience with AWS (EC2, S3, IAM, VPC networking basics, CloudWatch, SSM, ECS/EKS).

Good to Have

• Docker
• OpenShift
• Helm

Perks & Benefits

• Medical/dental/vision insurance
• HSA
• FSA
• 401(k)
• Life, disability & ADD insurance
• Paid time off (for salaried personnel)

Kforce has a client that is seeking a DevSecOps Engineer in NY (hybrid) (remote, NY working hours). Project, Role and Task Descriptions:

• Design, implement, and maintain secure CI/CD pipelines for application build, test, and deployment
• Integrate security scanning, compliance checks, and vulnerability management into development and deployment workflows
• Automate infrastructure provisioning, configuration, and application deployment using modern DevSecOps tools
• Collaborate with development, QA, security, and operations teams to ensure security is embedded throughout the SDLC
• Support and enhance containerization, orchestration, and cloud environments with a strong focus on security best practices

Requirements

• CI/CD, Version Control & Security Integration: Experience building enterprise-grade CI/CD pipelines; GitHub (branching, PR workflows, GitHub Actions), GitHub Actions (secure workflows, secrets management, runner configuration), Jenkins (scripted/declarative pipelines, shared libraries), SonarQube (code quality, SAST), Fortify (static code analysis, security scanning); Experience setting up artifact repositories (Nexus, JFrog, ECR)
• Configuration Management & Automation: Ansible (roles, playbooks, secure inventory handling); Puppet (manifests, modules, environment management); Strong understanding of Infrastructure as Code (IaC) concepts and tooling (Terraform or CloudFrormation)
• Scripting & Development: Bash, Python, Groovy (both for Jenkins and development). Ability to write automation scripts
• Cloud: EC2, S3, IAM (roles, policies, least privilege), VPC networking basics, AWS CloudWatch, SSM, ECS/EKS
• Nice to have: Docker, OpenShift, Helm

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking “Apply Today” you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.