Key Facts

Remote From:

Anywhere

Full time

Senior (5-10 years)

130 - 140K yearly

Polish

Hard Skills

Other Skills

•
Professionalism
•
Collaboration
•
Communication
•
Resourcefulness
•
Problem Solving

Roles & Responsibilities

U.S. citizen eligible for VA clearance
BS degree with 7+ years of experience
5+ years of experience with GitHub Actions CI/CD including reusable workflow authorship and IaC (Pulumi or Terraform; Pulumi with TypeScript strongly preferred)
Hands-on experience with Kubernetes cluster operations (node pools, namespaces, RBAC) and Istio service mesh, plus security scanning toolchain (SAST/SCA/container scanning) aligned with federal security requirements (FISMA High)

Requirements:

Author and maintain a reusable GitHub Actions workflow library used by tenant repositories to build, scan, and deploy applications
Build and execute CI/CD pipelines to deploy a self-service platform using Pulumi TypeScript IaC into Azure environments
Deploy and maintain AKS clusters with related networking components and Istio service mesh for multi-tenant workloads
Integrate security scanning (Semgrep, Grype, Trivy) to enforce quality gates across all CI workflows and support ongoing security/compliance efforts

Job description

Description

About the Role

Connected Logistics is seeking a DevSecOps Engineer to join a platform engineering team supporting the Department of Veterans Affairs Chief AI Office (CAIO), building and operating the cloud infrastructure, CI/CD pipelines, and containerization workflows that support AI/ML and software delivery for pilot programs. The platform runs on Azure Kubernetes Service, deployed through Pulumi (TypeScript) infrastructure-as-code and automated via GitHub Actions. You'll own the full lifecycle from reusable workflow libraries and container build pipelines to multi-tenant AKS platform operations and federal security compliance.

What You'll Get to Do as a DevSecOps Engineer

· Author and maintain a reusable GitHub Actions workflow library consumed by tenant application repositories to build, scan, and deploy

· Build and execute CI/CD pipelines that deploy a self-service platform using Pulumi (TypeScript) IaC into customer Azure environments

· Deploy and maintain cloud platform infrastructure: Azure Kubernetes Service clusters, load balancers, node pools, NSGs, and Istio service mesh

· Deploy and maintain the AI/ML platform stack, including models running on Kubernetes, Azure AI Foundry, and Azure ML Workspaces

· Containerize tenant applications using multi-stage Docker builds and deploy them to AKS through automated pipelines

· Integrate and maintain a security scanning pipeline using Semgrep (SAST), Grype (SCA), and Trivy (container image scanning) to enforce quality gates in all CI workflows

· Automate multi-tenant platform onboarding: namespace provisioning, RBAC role bindings, and virtual service creation via scripted workflows

· Set up and maintain observability infrastructure for platform and AI/ML workloads

· Collaborate with software engineers to containerize their applications for production deployment

· Follow DevSecOps best practices for security integration, IaC, SRE, and operational visibility

· Support documentation of systems, infrastructure, and automation mechanisms

Requirements

· Must be a U.S. citizen to obtain VA clearance

· BS degree with 7+ years of experience

· Independent with a mindset toward continuous learning, a drive for self-study and enrichment, and resourcefulness

· Strong communication skills and customer-facing level of polish

· Able to produce lightweight but useful documentation of system design and automation mechanisms

· 5+ years of experience across the following:

· GitHub Actions CI/CD, including reusable workflow authorship

· Infrastructure-as-code using Pulumi or Terraform; Pulumi with TypeScript strongly preferred

· Container image build (multi-stage Dockerfiles), scanning, and registry management (GHCR or equivalent)

· Kubernetes cluster operations: node pools, namespaces, RBAC, health probes, resource limits, rolling deployments

· Istio service mesh: installation, VirtualService/Gateway configuration, mTLS

· Security scanning toolchain: SAST (Semgrep or equivalent), SCA (Grype/Snyk/equivalent), container vulnerability scanning (Trivy or equivalent)

· Federal application security: OWASP, Zero Trust principles, encryption at rest and in transit, FISMA High controls

· Agile delivery (Kanban, Scrum, SAFe, or similar)

· Experience with the following technology domains in a production environment:

· Azure cloud services: AKS, Azure AI Foundry, Azure ML Workspaces, Key Vault, VNet/NSG networking, Azure Blob Storage

· Pulumi (TypeScript) for end-to-end cloud resource provisioning.

· Istio service mesh installation and multi-tenant routing configuration.

· Multi-tenant Kubernetes platform operations.

· Preferred qualifications:

· Experience with GPU node pool provisioning and AI/ML workload scheduling on Kubernetes.

· Familiarity with Python (FastAPI) and Node.js/React containerization patterns.

· Prior work on a VA, DoD, or other federal FISMA High system with ATO experience.

Total Rewards Statement

We believe in fairness and clarity throughout our hiring process. The anticipated salary range for this position is $130,000.00 to $140,000.00 USD. This is a good-faith range based on factors such as your experience, geographic location, and any applicable contractual requirements, and may vary slightly.

Beyond salary, we provide a robust benefits package and encourage ongoing professional development, because your growth and well-being matter to us. We’re excited to support you in building a rewarding career with us!

Connected Logistics respects the need for confidentiality for all applicants.

Connected Logistics offers an excellent benefits package that includes health, dental, vision, life, and disability insurance, a great 401(k) package, and generous Paid Time Off.

EOE/Disability/Veterans

Ready to apply?

APPLY

Share ·