Design and maintain reusable pipeline templates and parent/child pipeline structures
Experience with SAML/SSO/LDAP integration and designing group/project permission models
Fluency in Terraform for configuration management
Requirements:
Manage the full lifecycle of GitLab deployment including upgrades, backups, and performance tuning
Architect CI/CD pipelines and integrate with security scanners and artifact repositories
Oversee GitLab Runner fleet management on Kubernetes/EKS
Implement and maintain security controls, ensuring compliance with industry standards
Job description
"WE DO WHAT WE SAY "
JTSi is a federal government consulting firm, providing technical services to the Federal Government, i.e., DoD, Client and various Civilian Agencies. We are proud to have earned the reputation of honesty, integrity and the ability to build long-term professional relationships with our employees and clients. Please visit our website at www.JTSUSA.com to learn more about who we are and what we do.
Company Name: - JTSi (Johnson Technology Systems, Inc.)
Title: DevOps Engineer T3
Location: Remote - Candidate can be remote but if they are within 30 miles of the Herndon office they will be asked to report to the office 1-2 a week (Can change based on business needs).
Salary : $142K - $ 148K / Year on W2
DESCRIPTION OF PROJECT AND TASKS:
*MUST be a US Citizen and ONLY hold US citizenship (No Dual Citizens)
*Candidate can be remote but if they are within 30 miles of the Herndon office they will be asked to report to the office 1-2 a week (Can change based on business needs).*
*Temp position*
About the Role
We are looking for a senior engineer who owns our GitLab self-managed platform end to end, not someone who has merely used GitLab, but someone who has run it. You will be the technical authority on our self-hosted GitLab environment, responsible for its availability, performance, security posture, and the CI/CD experience of every engineering team that depends on it.
This is a hands-on, deep-specialist role. We are deliberately not hiring a broad DevOps generalist who lists GitLab among ten other tools. We want someone who knows the product intimately, stays current with its fast-moving release cycle, and treats the platform as a product in its own right.
You will work in a security-conscious, regulated environment, so we need someone who is comfortable making security a first-class concern in everything they build and who is willing to speak up when something isn't right.
What You'll Own
- The full lifecycle of our self-managed GitLab deployment: upgrades, backups, high availability, capacity planning, and performance tuning.
- CI/CD pipeline architecture across the organization, including reusable pipeline templates, parent/child pipelines, and integrations with our security scanners and artifact repositories.
- GitLab Runner fleet management at scale, including shared, group, and project-scoped runners running on a Kubernetes executor on EKS.
- Authentication and access control across the platform - SSO/SAML/LDAP integration and enterprise-scale group and project permission models.
- Managing platform configuration as code rather than through the UI, with Terraform as the source of truth.
Must-Have Qualifications
- GitLab self-managed administration. Direct, recent experience administering self-managed GitLab (not GitLab.com SaaS). You have personally handled upgrades, backups, high-availability configurations, runner management, and performance tuning.
- CI/CD pipeline architecture. You design and maintain reusable pipeline templates and parent/child pipeline structures, and you've integrated pipelines with security scanners and artifact repositories. We use JFrog and Wiz; experience with these specifically is a plus.
- GitLab Runner management at scale. You understand the trade-offs between shared, group, and project-scoped runners, and you've operated runners using the Kubernetes executor on EKS.
- Authentication and access control. You've implemented and maintained SAML/SSO/LDAP integration and designed group and project permission models at enterprise scale.
- Infrastructure-as-code fluency. You're fluent in Terraform, ideally including the GitLab provider, and you instinctively manage configuration as code rather than clicking through the UI.
Strong Nice-to-Haves
- GitLab Geo experience, including replication and disaster-recovery scenarios.
- Container Registry and Package Registry administration.
- Migration experience such as onboarding organizations into GitLab, or executing major version upgrades on self-managed instances.
- Hands-on experience integrating GitLab with Kubernetes/EKS for runner workloads and deployment pipelines.
- Federal or regulated-industry exposure: FedRAMP, IL5, NIST 800-53, and familiarity with the ATO process.
Security Responsibilities
Security is not a separate workstream in this role β it's built into the platform you operate.
You will:
- Integrate and maintain security and vulnerability scanning (e.g., Wiz, SAST/DAST, dependency and container scanning) directly within CI/CD pipelines, and ensure findings are visible and actionable for engineering teams.
- Harden the GitLab platform itself: enforce least-privilege access models, manage secrets and CI/CD variables securely, and keep the environment patched and current with security releases.
- Implement and maintain supply-chain security controls, such as signed artifacts, trusted artifact repositories (JFrog), and policies that prevent untrusted dependencies from entering builds.
- Support audit, logging, and compliance requirements, and help maintain the platform's posture against frameworks such as NIST 800-53 in support of FedRAMP/IL5 and ATO obligations.
- Partner with security and compliance teams to translate control requirements into enforceable, automated platform configuration.
Who You Are
Vocal and comfortable speaking up. This is a genuine requirement, not a throwaway line. We need someone who will raise concerns early, flag risks before they become incidents, push back on shortcuts that compromise security or stability, and advocate for the right technical approach, even when it's not the easiest conversation in the room. Quiet competence isn't enough here; we need your voice.
- A specialist at heart. You'd rather know one critical platform deeply than know ten tools superficially.
- Current. You've worked on self-managed GitLab within the last couple of years and keep pace with how quickly the product evolves.
- Pragmatic and security-minded, with a bias toward automation and codified, repeatable configuration over manual changes.
What We're Looking For (and What We're Not)
To be clear about the bar for this role: we're looking for an administrator and platform owner, not an end user. Candidates whose GitLab experience amounts to having used it at a previous company are not a fit. Likewise, generalists who can name many tools but can't go deep on the operation of any of them won't be the right match. Because self-managed GitLab changes quickly, we're specifically looking for people who have administered it hands-on recently.
If you've run GitLab self-managed in earnest, kept it up, kept it fast, kept it secure, and kept its users productive, we want to talk to you.
We recruit, employ, train, compensate and promote without regard to race, religion, color, citizenship, national origin, age, sex, gender, gender identity/expression, sexual orientation, marital status, disability, genetic information, veteran status or any other characteristic protected by federal, state, or local law.
Disclaimer: Nothing in this job description/posting shall constitute an offer or promise of employment. If you are not reviewing this job posting on our Careers' site http://jtsusa.com/careers or one of our approved job boards we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at http://jtsusa.com/careers
