Cloud DevSecOps Engineer III

Cloud DevSecOps Engineer III Secure CI/CD, code review, infrastructure-as-code, control automation, and ATO-ready evidence generation Please Note Our client is bidding on a federal government contract and needs to present the resume of the individual that will be hired for this Cloud DevSecOps Engineer III position This is an onsite position that may be changed to a hybrid role. Should our client win, the anticipated start date will be September 2026. Role Summary The Cloud DevSecOps Engineer III will provide senior engineering support to embed cybersecurity, compliance, automation, and continuous control validation into application development, infrastructure deployment, cloud engineering, and system integration workflows. This role will ensure that new projects, applications, scripts, pipelines, infrastructure-as-code templates, and cloud-native deployments are designed and implemented with appropriate cybersecurity features and safeguards in accordance with federal policies, standards, directives, and Authorizing Official requirements. The Cloud DevSecOps Engineer III will be a hands‑on security automation engineer who works across development, security, operations, ISSO, SCA, SOC, vulnerability management, cloud architecture, and project management teams. The role will help shift security left into design and code review, shift security right into monitoring and runtime validation, and maintain traceability from requirements to controls, controls to pipeline checks, pipeline checks to evidence, and evidence to JCAM/ATO documentation. Education, Certifications, and Clearance Bachelor's degree in cybersecurity, computer science, software engineering, cloud engineering, information systems, or a related discipline. Public Trust / Suitability ( eligible for Secret ). Two (2) or more certifications from the following list: ISACA - Certified Information Systems Auditor (CISA) ISACA - Certified in Risk and Information Systems Control (CRISC) ISACA - Certified Information Security Manager (CISM) ISACA - Certified in Governance of Enterprise IT (CGEIT)

• ISC)² - Certified Information Systems Security Professional (CISSP)
• ISC)² - Certified Authorization Professional (CAP)

Practical experience with SonarQube, SAST/DAST tooling, IaC scanning, container scanning, Splunk, Nessus/Tenable, Palo Alto Prisma, PowerShell DSC, Git-based workflows, and CI/CD platforms. Required Knowledge, Skills, and Abilities Minimum 5 years of demonstrated experience in all of the following areas : Cloud‑native architectures, AWS, VPC, Security Groups, IAM, Docker, KMS, S3 Encryption, RDS Encryption, SSL Certificates, Data Lake security, CloudFormation, CloudFlare, CloudFront, API Gateway, Lambda, Egress proxies, application security, domain segmentation, authentication, data protection, and automation of processes. Experience using AWS Infrastructure-as-Code (IaC), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). Research, Design, Development, Testing and Deployment experience using AWS IaaS, PaaS services, tools and technologies to support continuous integration and delivery on Linux Environment. Demonstrated ability to build and execute complex security plans in AWS. Experience working with compliance and regulatory requirements in AWS. Experience working in a risk‑based environment including mitigation, planning, and implementation in AWS. Hands‑on experience with Splunk, Nessus, Tenable Security Center, and firewall tools such as Palo Alto, Imperva, Fortinet, etc. Primary Responsibilities Support secure software development and system integration lifecycle by reviewing application designs, infrastructure scripts, pipeline configurations, container images, open‑source dependencies, secrets management approaches, authentication flows, data protection methods, and deployment patterns for compliance risks and security weaknesses. Identify issues before they become ATO blockers, production vulnerabilities, or POA&Ms findings. Support the Cybersecurity, Policy and Oversight team and ISSOs in the preparation of Security and Privacy Authorization documentation required to attain Authorization to Test or Authorization to Operate. Provide cybersecurity reviews, security configuration reviews, initial risk assessment support, certification testing review, coordination with ISSOs on security design changes, and development of POA&Ms when security requirements are not being met. Design, maintain, and improve secure CI/CD and DevSecOps pipelines that incorporate SAST, DAST, software composition analysis, infrastructure‑as‑code scanning, container image scanning, secrets detection, dependency vulnerability review, policy‑as‑code, configuration compliance, and deployment security gates. Support DevSecOps security tools used to detect open‑source components in code, static and dynamic application security testing, SonarQube, PowerShell DSC, Palo Alto Prisma, and related pipeline security capabilities. Implement cloud automation using AWS‑native services, CloudFormation, infrastructure‑as‑code, APIs, Lambda, IAM, security groups, KMS, S3 encryption, RDS encryption, SSL certificates, API Gateway, CloudFront, egress proxies, container security, domain segmentation, authentication controls, data protection, and automated evidence capture. Review application code, deployment scripts, infrastructure‑as‑code, CI/CD jobs, container configurations, and cloud deployment templates for security risks, compliance violations, and deviations from federal security requirements. Embed security checks into CI/CD pipelines using tools such as SonarQube, Prisma, SAST, DAST, dependency scanning, secrets detection, vulnerability scanning, and configuration compliance tooling. Support risk assessments during concept development, design review, testing, and deployment phases. Automate the deployment and verification of technical controls, supporting requirement to integrate configuration management and DevSecOps pipelines to automatically deploy, enforce, and verify technical controls. Build repeatable AWS infrastructure patterns using IaC and secure‑by‑default baselines for VPCs, security groups, IAM roles, KMS keys, encryption, logging, monitoring, and cloud‑native alerts. Help close POA&Ms by engineering durable remediation into code, templates, automation, and standard operating procedures instead of relying on one‑time manual fixes. Provide monthly briefings and/or reports to upper management on the cybersecurity status of new projects, applications, and information systems. #J-18808-Ljbffr Innovative Computer Solutions Group, Inc