CDAO Advana - DevSecOps Engineer

Join GDIT and be a part of the team of men and women that solve some of the world's most complex technical challenges. The CDAO Advana team is seeking an DevSecOps Engineerto join their efforts in the DC area.

Advana is the Chief Digital and Artificial Intelligence Office’s (CDAO) enterprise-wide, multi-domain data, analytics, and artificial intelligence (AI) platform that provides all DoD military and civilian decision makers, analysts, and builders with unprecedented access to enterprise data, tools, and capabilities.

This is a proposal with award expected June 2026. If interested, please apply as we are interviewing and making contingent offers now.

Duties include:

• Executes enterprise DevSecOps modernization for the Advana program by architecting, operating, and optimizing software‑factory pipelines across NIPRNet, SIPRNet, and JWICS to support mission‑critical analytics for Defense Department leadership, Combatant Commands, and intelligence‑driven operational communities.

• Designs integrated development, security, testing, and deployment workflows using GitLab, Jenkins, Kubernetes, ArgoCD, Terraform, CloudFormation, Nexus, Harbor, SonarQube, Anchore, Trivy, Sysdig, and OpenSCAP to maintain software integrity, traceability, and compliance across development, test, integration, staging, and production environments.

• Leads continuous pipeline development, automation scripting, and multi‑environment integration activities supporting IL2, IL5, IL6, and JWICS enclaves.

• Sets the DevSecOps strategy for the program, evaluates emerging commercial and open‑source tooling, develops adoption recommendations, and drives modernization initiatives that strengthen automation coverage and operational resilience.

• Coordinates incident‑response activities across engineering, cybersecurity, and platform‑operations teams, escalates critical issues to program leadership, and governs change‑control processes, audit schedules, and compliance reporting.

• Designs secure CI/CD pipelines that automatically build, test, scan, and deploy Advana IaC, CaC, and application code.

• Develops and maintains Infrastructure‑as‑Code and Configuration‑as‑Code repositories encoding classification‑specific security baselines.

• Runs automated STIG and NIST compliance checks, dynamic scans, and remediation workflows after each change. Implements observability and incident‑response hooks feeding metrics, logs, and alerts into the SIEM.

• Maintains documentation, runbooks, and knowledge‑transfer materials for all DevSecOps tooling and security policies.

• Enforces protected branches, merge‑request approvals, signed‑commit requirements, artifact‑signing procedures, and automated pre‑receive checks for SAST, secret‑leak detection, and IaC linting.

• Maintains continuous vulnerability monitoring, artifact governance, and repository integrity.

• Produces architecture updates, maturity assessments, performance reports, and roadmap recommendations that accelerate release cycles, strengthen compliance posture, and enhance mission readiness across the Advana enterprise.

Basic Qualifications:

• BS degree; additional years of experience may be considered in lieu of degree
• 8+ years of experience developing DevSecOps modernization
• Experience optimizing software-factory pipelines

• Security+

• TS with SCI eligibility

WHAT CAN GDIT OFFER YOU?

• Excellent customizable health benefits (Medical, Dental and Vision)
• 401K with company match
• Educational Assistance and eLearning
• Flexible work week
• Internal mobility team dedicated to employee advancement
• Rewards and Recognition programs
• Innovative and collaborative environment encouraging of highly motivated critical thinking