• Own and operate a production cloud platform running on Microsoft Azure and Cloud Foundry (or comparable platforms) • Ensure availability, performance, and reliability across infrastructure and platform components • Serve as the primary escalation point for platform-level incidents • Lead incident response, root cause analysis, and post-incident remediation • Use modern monitoring, alerting, and AI-assisted observability tools to improve detection, diagnosis, and resolution of incidents • Drive continuous improvements to reduce operational risk, after-hours incidents, and manual intervention • Own certificate and secrets lifecycle management, including TLS automation and secure secrets handling (e.g., CredHub, Vault) • Ensure secure and compliant practices around identity, access, and credential management • Partner with engineering teams to embed security and reliability best practices into platform workflows • Automate common operational tasks using Bash and/or PowerShell • Support and extend infrastructure-as-code using Terraform and/or Bicep • Improve platform consistency and repeatability through Git-driven, automation-first workflows • Leverage AI-assisted tooling to support scripting, troubleshooting, and operational documentation • Support PCI and other compliance activities, including technical control implementation, audit support, and remediation tracking • Maintain clear runbooks, diagrams, and documentation to enable repeatable operations and knowledge transfer • Partner with internal teams and external auditors to support compliance requirements • Work closely with application engineers, junior SRE/support staff, and vendor partners • Provide technical guidance and mentorship to junior teammates • Act as a trusted partner to engineering teams on reliability, performance, and operational readiness

• Design, operate, and continuously improve automated CI/CD pipelines using GitLab CI to support zero-downtime deployments across multiple environments. • Support development teams with standardized deployment tooling, automation, and operational best practices. • Produce monthly CI/CD pipeline performance reports, identifying risks, trends, and optimization opportunities. • Administer and support containerized workloads using Kubernetes (EKS) and Docker-based container platforms. • Configure and manage Linux-based servers and systems. • Implement Infrastructure as Code (IaC) using Terraform and/or AWS CDK for repeatable, auditable deployments. • Support provisioning and configuration of AWS services including EC2, EKS, ECS, S3, RDS, VPC, Lambda, and related services. • Coordinate infrastructure changes without performing AWS account provisioning or organizational administration. • Integrate security scanning into CI/CD pipelines using tools such as Trivy, AWS Inspector, and AWS Security Hub. • Perform vulnerability triage and coordinate remediation with development teams in accordance with defined timelines. • Implement and manage IAM least-privilege policies, secrets, and encryption using AWS KMS, Secrets Manager, and SSM. • Ensure encryption in transit and at rest across all in-scope systems. • Configure and maintain monitoring and observability using CloudWatch, Prometheus, Grafana, and centralized logging solutions. • Support Tier 2 and Tier 3 incident response for production systems, meeting SLA requirements. • Participate in root-cause analysis and continuous improvement initiatives. • Participate in Agile sprints, including backlog grooming, sprint planning, stand-ups, and retrospectives. • Track work in JIRA, using story-point estimation and sprint metrics. • Support reprioritization of backlog items in coordination with the COR and Product Owner. • Produce and maintain technical documentation covering architecture, pipelines, monitoring, security, and disaster recovery. • Conduct knowledge transfer and mentoring sessions for staff and contractor teams. • Support Business Continuity and Disaster Recovery (BCDR) planning, documentation, and exercises. • Ensure all deliverables comply with ADA, Section 508, WCAG 2.2 A/AA, and digital accessibility standards.

Public Trust Eligibility Required This is a contingent position, meaning employment is dependent upon the successful award of the associated contract to Aretum and completion of any required background investigation or security clearance verification.  About Aretum  Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.  Job Summary  Aretum is seeking a skilled and motivated Sr. DevSecOps Engineer. As a Sr. DevSecOps Engineer you will provide your insight and expertise relating to the client's cloud and systems operations and management. Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.   Responsibilities - Design, operate, and continuously improve automated CI/CD pipelines using GitLab CI to support zero-downtime deployments across multiple environments. - Support development teams with standardized deployment tooling, automation, and operational best practices. - Produce monthly CI/CD pipeline performance reports, identifying risks, trends, and optimization opportunities. - Administer and support containerized workloads using Kubernetes (EKS) and Docker-based container platforms. - Configure and manage Linux-based servers and systems. - Implement Infrastructure as Code (IaC) using Terraform and/or AWS CDK for repeatable, auditable deployments. - Support provisioning and configuration of AWS services including EC2, EKS, ECS, S3, RDS, VPC, Lambda, and related services. - Coordinate infrastructure changes without performing AWS account provisioning or organizational administration. - Integrate security scanning into CI/CD pipelines using tools such as Trivy, AWS Inspector, and AWS Security Hub. - Perform vulnerability triage and coordinate remediation with development teams in accordance with defined timelines. - Implement and manage IAM least-privilege policies, secrets, and encryption using AWS KMS, Secrets Manager, and SSM. - Ensure encryption in transit and at rest across all in-scope systems. - Configure and maintain monitoring and observability using CloudWatch, Prometheus, Grafana, and centralized logging solutions. - Support Tier 2 and Tier 3 incident response for production systems, meeting SLA requirements. - Participate in root-cause analysis and continuous improvement initiatives. - Participate in Agile sprints, including backlog grooming, sprint planning, stand-ups, and retrospectives. - Track work in JIRA, using story-point estimation and sprint metrics. - Support reprioritization of backlog items in coordination with the COR and Product Owner. - Produce and maintain technical documentation covering architecture, pipelines, monitoring, security, and disaster recovery. - Conduct knowledge transfer and mentoring sessions for staff and contractor teams. - Support Business Continuity and Disaster Recovery (BCDR) planning, documentation, and exercises. - Ensure all deliverables comply with ADA, Section 508, WCAG 2.2 A/AA, and digital accessibility standards.

• Collaborate with a diverse team of software engineers, engaging in iterative processes and effective task planning to drive our projects forward. • Take ownership of the availability, scalability, and performance of our services, to proactively identify issues, and implement automation to prevent the recurrence of problems. • Participate in the on-call rotation, responding to incidents and working with the team to restore service and prevent recurrence. • Contribute to automating infrastructure provisioning, configuration, and management using IaC principles with tools like Terragrunt and Ansible. • Help design and enhance monitoring, logging, and alerting systems to improve observability and ensure system health. • Participate in blameless post-mortems, documenting issues, and following up on action items to foster a culture of learning and continuous improvement. • Foster collaboration with other engineering teams, promoting the reuse of existing frameworks and gaining insights into their operation. • Stay current with industry trends, emerging technologies, and best practices in SRE, DevOps, and automation.