DevSecOps Engineer at C-HIT

Key Responsibilities

DevSecOps & Automation

Design, implement, and maintain CI/CD pipelines for application and API deployments.
Automate build, test, security scanning, and deployment processes.
Manage infrastructure using Infrastructure as Code (IaC) tools (Terraform, CloudFormation, ARM).
Support containerized environments using Docker and Kubernetes.
Ensure high availability, scalability, and disaster recovery.

Security Integration (DevSecOps)

Embed security controls into CI/CD pipelines (SAST, DAST, SCA).
Implement and maintain container security and image scanning.
Enforce secrets management, encryption, and key rotation.
Integrate identity and access management (IAM) with least-privilege principles.
Conduct vulnerability assessments and support remediation activities.

Cloud & Platform Engineering

Design and manage secure cloud environments like AWS.
Implement network security controls (VPCs, firewalls, security groups).
Monitor system performance, logs, and security events.
Support API Gateway platforms (e.g., MuleSoft Anypoint Platform).

Compliance & Governance

Ensure compliance with HIPAA, CMS, FISMA, FedRAMP, and NIST (800-53, 800-171).
Support ATO processes, audits, and security documentation.
Implement continuous monitoring and compliance reporting.
Collaborate with ISSO and security teams on risk assessments.

Collaboration & Agile Support

Work closely with developers, architects, QA, and security teams.
Participate in Agile ceremonies and release planning.
Provide guidance on secure coding and cloud security best practices.

Required Qualifications:

4+ years of experience in DevOps or DevSecOps engineering.
Strong experience with CI/CD tools (Jenkins, GitLab CI, GitHub Actions).
Hands-on experience with cloud platforms (AWS, Azure, or GCP).
Experience with containerization and orchestration (Docker, Kubernetes).
Knowledge of security tools (Snyk, SonarQube, Aqua, Prisma Cloud, or similar).

Preferred Qualifications:

Experience supporting federal or healthcare IT programs.
Experience with API Gateways and MuleSoft.
Knowledge of FHIR/HL7 healthcare data standards.
Experience with FedRAMP Moderate/High environments.
AWS certification preferred, particularly AWS Certified DevOps Engineer – Professional or Solutions Architect – Associate/Professional.

Key Skills:

DevSecOps & CI/CD Automation
Cloud Security & Infrastructure as Code
Container & Kubernetes Security
Federal Compliance & ATO Support
Monitoring, Logging & Incident Response
API Gateway & Integration Platforms

Residency Requirement:

Candidate must be US Citizen OR Green Card to obtain Public Trust clearance and must have lived in the United States for at least three (3) out of the last five (5) years.

Salary & Benefits Information:

The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience, and location.
C-HIT offers Healthcare Benefits, Remote Working Options, Paid Time Off, PTO cash-out, Training/Certification opportunities, Healthcare Savings Account & Flexible Savings Account, Paid Life Insurance, Short-term & Long-term Disability, 401K Match & Profit sharing, Employee Assistance Program, Paid Holidays, and much more perks and Voluntary benefits!
Employees of C-HIT shall, as an enduring obligation throughout their term of employment, adhere to all information security requirements as documented in company policies and procedures.

C-HIT, a CMMI Maturity Level 5 company, focuses on delivering information technology and professional services to Federal and State agencies."C-HIT is an EOE, including disability and veterans”

Life at C-HIT

C-HIT provides comprehensive, reliable, innovative Information Technology, Healthcare, and Health Information Technology (HIT) software development and consulting services to federal, state, and local organizations. We are customer-focused, and we listen to our clients, ensuring we provide the services our clients want, while saving them money. We provide fast and effective solutions and seamless transitions, enabling our clients to improve their performance and maximize their productivity in a secure IT environment. C-HIT specializes in enterprise strategy and architecture; project management; identity and access management; software and cloud engineering; big data solutions, data analytics, and business intelligence; HIT systems and data interoperability; cyber and digital security; and quality assurance and independent validation services testing. C-HIT's success is attributed to our highly talented, versatile employees who consistently exceed our clients expectations and are recognized for their hard work, quality performances, customer service, and responsiveness on every initiative. C-HIT, an 8(a)-certified EDWOSB, with CMS SPARC SB IDIQ, is a process-centric organization, maintaining CMMI Maturity Level 3 for Development and following ITIL and PMBOK-based standards and best practices.

Thrive Here & What We Value

EOE (including disability and veterans)

Collaborative work environment

Professional growth opportunities

Flexible work schedules

Performance recognition

DevSecOps Engineer