Government DevOps Engineer - USA

HERE is seeking a Government focused DevOps Engineer to join our team! The primary responsibilities for this role will span CI/CD pipeline engineering and cloud operations, maintaining and improving our GitHub CI/CD pipelines, and supporting our AWS cloud infrastructure. In this role, you will grow your hands-on experience with real production build systems and cloud platforms- while having the opportunity to work on practical projects that directly impact both our development velocity and operational reliability. You will play a vital role in ensuring our infrastructure complies with federal standards, directly supporting the delivery of our secure browser environment to public sector clients.

We're actively evolving toward a cloud-agnostic, multi-cloud architecture and migrating to Kubernetes for container orchestration. While current AWS and ECS experience is essential, having exposure to Azure, GCP, and Kubernetes will position you well for our infrastructure roadmap.

Responsibilities

• CI/CD Pipeline Development:

• Build, maintain, and optimize CI/CD pipelines for multi-platform builds (Windows, macOS, Linux).
• Work with YAML configurations, pipeline stages, artifacts, and deployment workflows.
• Integrate security and vulnerability scanning tools directly into the CI/CD pipeline to support automated compliance validations (DevSecOps).

• Cloud Infrastructure Operations:

• Help maintain and improve AWS infrastructure including ECS/Fargate deployments, RDS databases, Route53 DNS, VPC networking, and IAM policies.
• Support multi-tenant, multi-region, and highly isolated or public-sector specific cloud architectures (e.g., AWS GovCloud deployments).

• Container & Deployment Management:

• Work with Docker containers, ECS task definitions, and ECR registries.
• Deploy and manage containerized Node.js applications in production environments.
• Assist in the implementation of hardened container base-images aligned with federal or highly-regulated industry security benchmarks.

• Release Management:

• Help manage release processes including version promotion, release channels (canary, beta, stable), and automated deployment to staging and production environments.

• Database Operations:

• Support PostgreSQL on AWS RDS-backups, SSH tunneling through bastion hosts, read-only user management, and database configuration for multi-tenant environments.

• Automation & Scripting:

• Write and maintain automation scripts in Bash, PowerShell, Python, and Node.js.
• Build tools to improve infrastructure reliability and developer experience.

• Internal Tools Support:

• Help maintain web-based DevOps tools built with Express.js, React, and TypeScript-tools for cloud settings management, tenant provisioning, and deployment monitoring.

Do you have experience in YAML?, Ideally 2 to 4 years of experience with the following core requirements:

• GitLab CI/CD: Experience with GitLab CI/CD pipelines-YAML configuration, stages, jobs, artifacts, rules, dependencies.
• Understanding of CI/CD best practices and pipeline optimization.
• AWS Cloud Fundamentals: Production level experience with core AWS services-EC2, ECS/Fargate, RDS, Route53, VPC, IAM, Secrets Manager, CloudWatch. Comfortable navigating the AWS Console and CLI.
• Multi-Platform Scripting: Solid scripting skills in Bash (Linux) and PowerShell (Windows). Ability to write maintainable automation scripts for both platforms.
• Containerization: Hands-on Docker experience-building images, writing Dockerfiles, docker-compose, understanding container networking, and working with ECS/ECR.
• Build Systems: Experience with build tools and package managers-npm/Node.js, .NET/NuGet, Python packaging. Understanding of dependency management and build artifacts.
• Version Control: Strong Git fundamentals-branching strategies, merge requests, tagging. Experience with GitHub (or GitLab) workflows and code review practices.
• Linux/Unix & Windows: Comfortable in both environments-SSH, file permissions, package managers, systemd, PowerShell. Understanding of cross-platform operational challenges.
• Node.js/JavaScript: Comfortable reading and writing JavaScript/Node.js code. Experience with npm, package.json, and basic Express.js applications for tooling.
• Functional knowledge of federal compliance frameworks like FedRAMP, NIST SP 800-53, DISA STIGs, or DoD Cloud SRG (IL4-IL6).
• U.S. citizenship is mandatory; holding an active Secret clearance is preferred, or the ability to obtain one as required.
• Ability to function effectively under stringent change control processes, regular auditing, and detailed documentation standards.

Nice to Have

• Kubernetes experience (EKS, GKE, AKS) or willingness to learn, we're migrating from ECS to K8s
• Multi-cloud experience (Azure, GCP) or cloud-agnostic architecture knowledge
• GitLab Runner administration and configuration
• AWS CDK or CloudFormation for Infrastructure as Code
• Terraform for multi-cloud infrastructure management
• TypeScript development experience
• PostgreSQL database administration and optimization
• .NET build systems and NuGet package management
• React or frontend framework experience
• Airflow or workflow orchestration tools
• Helm charts and Kubernetes manifest management
• Familiarity with FIPS 140-2/3 cryptographic compliance standards.
• Hands-on experience with GitHub Actions administration and environment scaling.
• Exposure to enterprise secret management tools like HashiCorp Vault or CyberArk.
• Direct support of ATO (Authority to Operate) processes and eMASS documentation.

138 W 25th St Ste 900, New York, NY 10001 Hybrid work $145,000 - $185,000 a year, Pulled from the full job description

• Paid parental leave
• Parental leave
• 401(k)
• Health insurance
• Paid time off
• Flexible spending account
• Stock options, * Generous Paid Time Off, Paid Holidays & Sick Time
• Competitive & Comprehensive Health Insurance
• Thoughtfully-Planned Paid Parental Leave
• Financial Well-Being Plans (FSA) (401k) (Life Insurance)
• Stock Options
• Professional Development Courses
• Employee Resource Groups

Additional Perks -

• One Medical - Free Membership
• Talkspace - Mental Health Therapy 24/7
• Team Lunches
• Casual dress code
• Commuter Benefits (NYC employees only)
• Citibike (NYC employees only)

Powered by Chromium, HERE Enterprise Browser combines enterprise-grade security, seamless productivity, and native AI integration in one secure, intelligent workspace. Designed for regulated industries, HERE offers deep policy controls, identity-based access, secure workspace isolation, and full interoperability across SaaS, legacy, and virtualized environments. Our platform enables teams to work faster, more securely, and more intelligently-without compromise. HERE technology is trusted by 90% of global banks and also used within the U.S. Intelligence Community and other sectors. We're backed by some of the world's most respected financial institutions and venture firms, including Bain Capital Ventures, Bank of America, J.P. Morgan, Wells Fargo and IQT, the not-for-profit strategic investor that accelerates the introduction of groundbreaking technologies to enhance the national security of America and its allies.