DevSecOps Engineer

Job Family:

IT Cyber Security (Digital)

Travel Required:

Up to 10%

Clearance Required:

Ability to Obtain Public Trust

What You Will Do:

We are seeking a technically skilled and compliance-driven DevSecOps Security Analyst to support DevOps work and cybersecurity operations for federal government contracts. This role emphasizes hands-on implementation of system scan policies, configuration of monitoring tools, audit reporting, and identity and access management. The analyst will ensure systems meet federal cybersecurity standards, while contributing to risk management and continuous monitoring efforts.

Key Responsibilities:

• System Scan Policy Implementation Develop, configure, and maintain system scan policies using tools such as Nessus, ACAS, and SCAP or the like. Ensure scans align with federal vulnerability management requirements.

• Monitoring Tool Configuration & Management Deploy and manage security monitoring tools (e.g., Splunk, ArcSight, SolarWinds, Google Security Command Center) to support real-time threat detection and log aggregation.

• Audit Log Review & Reporting Generate, analyze, and review audit logs and security reports to identify anomalies and ensure compliance with DHS internal control requirements.

• IAM & Access Control Manage identity and access controls using platforms such as Okta, Google Workspace IAM, and Active Directory. Ensure least privilege and role-based access policies are enforced.

• SAST/DAST Scanning & Analysis Configure and run static and dynamic application security testing tools including Checkmarx, Fortify, Invicti, and WebInspect. Analyze results and coordinate remediation with development teams.

• Database Security & Scanning Use tools like DbProtect to scan and assess database configurations, permissions, and vulnerabilities.

• Security Control Assessment Apply and evaluate NIST SP 800-53 Rev. 5 controls; support control testing and documentation for A&A packages and continuous monitoring.

• POA&M Management Assist in identifying vulnerabilities and tracking remediation efforts through Plans of Action and Milestones (POA&Ms).

• Documentation & Communication Maintain system security documentation including SSPs, boundary diagrams, and scan results; communicate findings to stakeholders and technical teams.

• Incident Response Support Contribute to incident investigations and post-incident reviews; assist in implementing corrective actions and updating audit trails.

• AI Security Integration Evaluate and secure AI/ML applications and pipelines; implement controls for model integrity, data privacy, and adversarial threat mitigation.

What You Will Need:

• U.S. Citizenship and eligibility for a Public Trust or Secret clearance.

• Four (4) + years of experience in Cybersecurity, Information Systems or related field, preferably supporting federal contracts. in the similar fields.

• Experience in implementing and maintaining DevSecOps

• Experience in incident response, threat detection, and security monitoring for cloud-hosted web applications and infrastructure

• Hands-on experience with vulnerability scanning tools, SIEM platforms, and IAM systems.

• Working knowledge of Openshift, Kubernetes and Docker

• knowledge of GCP Google Cloud Platform

• Security practice of CI/CD pipelines using tools such as GitLab, Jenkins, Harness

• Familiarity with SAST, DAST, WebInspect, Invicti

• Strong analytical, organizational, and communication skills

What Would Be Nice To Have:

• Certifications: Security+, CAP, CISSP, CYSA+, or equivalent.

• Experience with FedRAMP, DISA STIGs, and CDM tools.

• Scripting experience (e.g., PowerShell, Python) for automation and log parsing.

• Experience supporting DHS, DoD, or civilian federal agencies

The annual salary range for this position is $98,000.00-$163,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.

What We Offer:

Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

• Medical, Rx, Dental & Vision Insurance

• Personal and Family Sick Time & Company Paid Holidays

• Parental Leave

• 401(k) Retirement Plan

• Group Term Life and Travel Assistance

• Voluntary Life and AD&D Insurance

• Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts

• Transit and Parking Commuter Benefits

• Short-Term & Long-Term Disability

• Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities

• Employee Referral Program

• Corporate Sponsored Events & Community Outreach

• Care.com annual membership

• Employee Assistance Program

• Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)

• Position may be eligible for a discretionary variable incentive bonus

About Guidehouse

Guidehouse is an Equal Opportunity Employer–Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at RecruitingAccommodation@guidehouse.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @guidehouse.com or guidehouse@myworkday.com.  Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse.  Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse, please report the matter to Guidehouse’s Ethics Hotline. If you want to check the validity of correspondence you have received, please contact recruiting@guidehouse.com. Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicant’s dealings with unauthorized third parties.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.