DevOps Engineer 3

Solicitation Reference Number

phone number removed)

Customer Name

Texas Comptroller of Public Accounts

Category

Applications / Software Development

Customer Entity Name

Comptroller of Public Accounts

Title

DevOps Engineer

Level

DevOps Engineer 3

Posted Date

7 / 15 / 2024

Estimated Hours

1,920

SSR Status

Posted

Number of Positions

Status

of Resumes Allowed

Candidates Submitted

Full / Part Time

Full Time

IT STAFFING SERVICES SOLICITATION UNDER

DEPARTMENT OF INFORMATION RESOURCES

IT STAFF AUGMENTATION CONTRACT (ITSAC)

RFO DIR-CPO-TMP-445

Solicitation Reference Number : (phone number removed)

Working Title : DevSecOps Engineer 3

Title / Level : DevOps Engineer 3

Category : Applications / Software Development

Full Time

I. DESCRIPTION OF SERVICES

Texas Comptroller of Public Accounts requires the services of 2 DevOps Engineer 3, hereafter referred to as Candidate(s), who meets the general qualifications of DevOps Engineer 3, Applications / Software Development and the specifications outlined in this document for the Texas Comptroller of Public Accounts.

All work products resulting from the project shall be considered "works made for hire " and are the property of the Texas Comptroller of Public Accounts and may include pre-selection requirements that potential Vendors (and their Candidates) submit to and satisfy criminal background checks as authorized by Texas law.

Texas Comptroller of Public Accounts will pay no fees for interviews or discussions, which occur during the process of selecting a Candidate(s).

The Worker will perform highly advanced DevSecOps related work as part of a cross-functional team under the direction and guidance of the Shared Application Services manager.

The Worker must have strong hands-on professional software development, cybersecurity, and / or IT operations experience building, testing, and deploying secure production applications and systems using continuous integration and continuous delivery / deployment (CI / CD) pipelines in a large-scale enterprise environment.

The worker will be responsible for integrating security measures into our DevOps processes, automating security controls in CI / CD pipelines, monitoring applications and infrastructure for security vulnerabilities, and conducting regular security assessments.

The worker will also provide training on secure coding practices and stay updated on new security technologies. They should have expertise in a variety of DevOps tools, knowledge of DevOps automation, and strong experience with Linux administration, containerization technologies, and microservices architecture.

The worker is expected to proactively address potential security risks and performance issues to ensure the security, stability, and efficiency of our CI / CD pipelines.

CPA will require the Worker to work on the following initiatives and will perform advanced tasks such as :

CI / CD Modernization and automation of the entire pipeline from code check-in to deployment utilizing industry best practices such as Infrastructure as Code (IaC), Configuration as Code (GitOps), and Blue-Green and Canary Deployment Strategies.

Implement "Shift Left " security approach by integrating security tools and automating security checks and compliance into the CI / CD pipeline.

Monitoring and Observability to provide comprehensive monitoring, logging, and alerting for the CI / CD pipeline.

Participating in all phases of SDLC.

Performing extensive code reviews and analysis.

Writing reports on code analysis to determine if industry standards and secure coding best practices are being followed; provide analysis to address found short comings.

Providing guidance and knowledge sharing to existing development staff.

Number of Resumes allowed per Vendor : 2

II. CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements :

Candidates that do not meet or exceed the minimum stated requirements (skills / experience) will be displayed to customers but may not be chosen for this opportunity.

Years

Required / Preferred

Experience

Required

Professional experience in DevOps engineering, Software Development, or related field

Required

Experience with programming languages such as Java and .NET

Required

Experience with scripting languages such as Bash, Python, and PowerShell to automate repetitive tasks such as monitoring, deployments, and configuration management

Required

Experience in Cybersecurity and implementing and automating security best practices into CI / CD pipelines

Required

Experience with security testing tools such as SAST, DAST, or IAST

Required

Experience setting up and managing Jenkins servers, creating and maintaining CI / CD pipelines, integrating with other tools (e.

g., Git, Maven, SonarQube), writing Groovy scripts for pipeline automation, and monitoring and optimizing Jenkins performance.

Required

Experience with Infrastructure as Code tools like Ansible, Terraform, or Chef

Required

Experience with containerization and orchestration tools such as Docker and Kubernetes

Required

Experience with automation of infrastructure provisioning and configuration management

Required

Experience with Maven in building and managing Java projects, maintaining POM files, troubleshooting build issues, dependency management and versioning, and integrating with CI / CD pipelines

Required

Experience with Artifactory set up, configuration, managing binary repositories, integrating with build tools (e.g., Maven and Jenkins), managing artifact lifecycle and versioning, and implementing security and access controls.

Required

Experience with microservices architecture, design, development and containerization and orchestration

Required

Experience with SQL and NoSQL databases

Required

Experience designing, developing, testing, integrating, and implementing secure REST APIs

Required

Experience with code reviews and in-depth code analysis

Required

Experience with highly complex application security requirements

Required

Experience with Git, Bitbucket, Subversion and version control systems

Required

Experience with SonarQube set up, configuration, integrating with CI / CD pipelines, and analyzing code quality and security vulnerabilities

Required

Experience with Jira and Confluence

Required

Experience with Agile teams

Required

Experience with coaching, training, mentoring and knowledge transfer

Preferred

Experience with cloud technologies and platforms such as AWS and Azure

Preferred

Experience working with legacy applications / services

Preferred

Experience in modern web technologies such as JavaScript, Node.js, React.js, Redux, HTML5, CSS3

Preferred

Public sector experience (Federal, State or Local Government)

Preferred

Proficient with the Microsoft Office products, including Outlook, TEAMS, Microsoft Project, Word, Visio, Excel and PowerPoint

III. TERMS OF SERVICE

Services are expected to start 09 / 09 / 2024 and are expected to complete by 08 / 31 / 2025. Total estimated hours per Candidate shall not exceed 1920 hours.

This service may be amended, renewed, and / or extended providing both parties agree to do so in writing.

IV. WORK HOURS AND LOCATION

Services shall be provided during normal business hours unless otherwise coordinated through the Texas Comptroller of Public Accounts.

Normal business hours are Monday through Friday from 8 : 00 AM to 5 : 00 PM, excluding State holidays when the agency is closed.

The primary work location(s) will be at 111 E 17th Street Austin, Texas 78711. The working position is Hybrid - On Site and Telework.

Any and all travel, per diem, parking, and / or living expenses shall be at the Candidate's and / or Vendor's expense. Texas Comptroller of Public Accounts will provide pre-approved, written authorization for travel for any services to be performed away from the primary work location(s).

Pre-approved travel expenses are limited to the rates and comply with the rules prescribed by the State of Texas for travel by its classified employees, including any requirement for original receipts.

The Candidate(s) may be required to work outside the normal business hours on weekends, evenings and holidays, as requested.

Payment for work over 40 hours will be at the hourly rate quoted and must be coordinated and pre-approved through Texas Comptroller of Public Accounts.

V. OTHER SPECIAL REQUIREMENTS

Must be able to :

develop and maintain CI / CD pipelines and automate building, testing, and deployment of software applications.

collaborate effectively with software engineers, operations staff, security teams, testers, and various stakeholders to identify and implement "shift left " security measures and best practices in the CI / CD pipelines.

design, test, and implement secure software development practices and standards in the CI / CD pipelines.

automate security controls, data protection, and vulnerability management systems in CI / CD pipelines.

continuously monitor applications and infrastructure for security vulnerabilities and performance issues and coordinate remediation efforts.

develop and / or implement tools to assist in detection, prevention, and analysis of security threats in the CI / CD pipelines.

troubleshoot and resolve issues in the CI / CD pipelines to minimize downtime and limit impact to developers and stakeholders

participate in incident response and forensic analysis of cybersecurity events.

conduct regular security assessments, audits, and compliance checks to ensure adherence to security standards in DevSecOps practices and CI / CD pipeline.

provide training and awareness to development and operations teams on secure coding practices and threat mitigation.

In coordination and alignment with Information Security Office, document and communicate security procedures and policies.

stay abreast of new security technologies, industry standards and best practices, and integrate them into the pipeline architecture and design where applicable.

be productive working independently or in a team environment (both local and remote) with minimal supervision.

Must possess :

knowledge of DevSecOps methodologies, concepts, and practices

knowledge of DevOps Automation

comprehensive technical expertise in a variety of DevOps tools, including Ansible, Jenkins, Maven, Artifactory, SonarQube, Xray, Checkmarx, Jira, BitBucket, Subversion, Git / Version Control Software, or comparable technologies.

familiarity with information security frameworks and standards such as NIST and OWASP Top 10.

strong understanding of Linux administration and scripting languages (e.g., PowerShell, Bash, Python)

experience with microservices architecture and cloud-native development.

experience with containerization and orchestration technologies like Docker and Kubernetes.

strong written, verbal, and interpersonal communication skills.

strong problem-solving skills and ability to multi-task with readiness to put in extra effort when necessary

the willingness to learn

Must perform other related work as assigned

On-call Requirement : Worker may be required to provide support to an on-call programmer.