Senior DevOps Engineer

This is a fully remote position, open to applicants in Maryland.

📋 Description

• Designing, implementing, and maintaining the DevSecOps toolchain that underpins the Salesforce-based MESH platform and its integrations across AWS, Microsoft 365, T-MSIS, MBES/MacFin, and CMS DataConnect.

• Building and managing CI/CD pipelines utilizing GitHub Actions and Copado to automate build, testing, security scanning, deployment, and rollback processes for both Salesforce and AWS-hosted components.

• Overseeing AWS cloud infrastructure with infrastructure-as-code (Terraform, AWS CloudFormation) and configuration management tools (Ansible), ensuring compliance with CMS Cloud governance and FedRAMP Moderate baselines.

• Implementing observability throughout the platform using tools like Splunk, AWS CloudWatch, New Relic, or Dynatrace; creating dashboards and alerts for monitoring system health, latency, throughput, error rates, and capacity (median, 95th, and 98th percentile).

• Automating routine operational tasks (provisioning, patching, configuration, user/access management) with Python, Bash, PowerShell, and AWS APIs to minimize manual effort and enhance repeatability.

• Collaborating with the security team to integrate security gates (SAST, DAST, SCA, container scanning) into pipelines and address vulnerabilities within CMS-defined timelines.

• Assisting with incident, change, and problem management as part of an integrated Agile delivery team; contributing to root-cause analyses and preventive measures.

• Maintaining secure, monitored environments for development, testing, UAT, staging, and production using minimum-downtime deployment strategies and well-tested rollback procedures.

• Implementing data backup, retention, and disaster-recovery solutions for both Salesforce and AWS-hosted assets, validated through scheduled restoration tests.

• Managing user access, secrets, and certificates across CMS IDM/Okta, EUA, AWS IAM, GitHub, and Copado following least-privilege and zero-trust principles.

• Documenting architecture, runbooks, deployment procedures, and operational standards using CMS-approved tools (Confluence, Box, GitHub) to ensure transparency for CMS Product Owners.

• Coordinating with the CMS Cloud contractor to maximize cloud resource efficiency, cost-effectiveness, and adherence to CMS Cloud governance processes.

• Mentoring engineers on DevSecOps best practices, automation-first design, and continuous-improvement metrics related to deployment frequency and reliability.

⛳️ Requirements

• All candidates must successfully pass public trust clearance through the U.S. Federal Government.

• A Bachelor’s degree in computer science, engineering, or a related field is required.

• A minimum of 8 years of hands-on DevSecOps experience with AWS cloud architectures, CI/CD pipelines (GitHub Actions), log aggregation (Splunk), monitoring (New Relic), security tools (Snyk, Tenable Nessus, AWS Security Hub), and release management.

• In-depth knowledge of AWS services (both server and serverless), S3 access management, and application configuration.

• Extensive experience with Ansible or Terraform, AWS CloudFormation, Python, Jenkins, Git, and security-scanning tools (Nessus, BurpSuite, OWASP ZAP, etc.).

• Practical experience implementing infrastructure-as-code across the full spectrum of development and data analytics environments.

• Familiarity with data organization, partitioning strategies, and data retention policies for cloud-based data pipelines.

• Strong investigative skills with the capability to conduct root-cause analysis and impact analysis on suggested changes.

• Proficiency with Atlassian Jira and Confluence.

🏝️ Benefits

• Medical, dental, and vision coverage.

• 401(k) retirement benefits.

• Paid time off.

• Paid holidays.

• Life and disability insurance.

• Additional wellness and employee support programs.