DevOps Infrastructure Engineer

Job Family:

Travel Required:

Clearance Required:

Guidehouse is seeking a DevOps / Infrastructure Engineer cloud developer to join our Technology / AI and Data team supporting mission-critical initiatives for Defense and Security this role you will lead the design deployment and automation of secure scalable cloud infrastructure that powers advanced AI-driven platforms. You will architect solutions leveraging containerized environments GPU-accelerated clusters and high-throughput pipelines while implementing robust DevSecOps practices to ensure compliance with stringent federal security and regulatory standards. Collaborating with engineers architects and mission stakeholders you will deliver innovative cloud capabilities that enable reliable high-performance workflows in support of national security objectives.

What You Will Do:

• Serves as the lead cloud and DevOps engineer responsible for architecting deploying securing automating and monitoring AWS GovCloud infrastructure supporting the FBI adjudication AI platform.

• Leads development of GPU-accelerated EKS clusters secure containerized model-serving environments distributed inference gateways vector databases and high-throughput ingestion pipelines.

• Owns the platforms DevSecOps toolchain including CI/CD automation IaC secure pipelines logging/monitoring integrations and identity-boundary enforcement aligned with federal requirements.

• Ensures full FedRAMP High RMF and FBI ATO alignment across infrastructure controls logging coverage network segmentation encryption monitoring and boundary configurations.

Cloud Architecture & AWS GovCloud Engineering

• Design deploy and maintain secure AWS GovCloud architectures supporting LLM inference retrieval services vector databases backend APIs and large-scale document processing pipelines.

• Build and manage GPU-accelerated EKS clusters including autoscaling node groups GPU scheduling operators and optimization for high-performance inference workloads.

• Architect multi-AZ high-availability patterns including health checks failover mechanisms and distributed storage strategies.

• Implement VPC designs including private subnets NAT gateways VPC endpoints NACLs SGs and traffic inspection layers supporting zero-trust boundaries.

DevSecOps Engineering Automation & IaC

• Develop CI/CD pipelines automating build scan test deploy and rollback processes for AI services APIs UI applications and data pipelines.

• Use Terraform/CloudFormation for automated provisioning of networks clusters storage identity boundaries and monitoring components.

• Embed SAST SCA IaC scanning container scanning dependency checks and image attestation into pipelines to enforce supply chain security.

• Automate promotion workflows across dev staging and production environments under controlled change-management policies.

Security Compliance & ATO Alignment

• Implement NIST 800-53 FedRAMP High RMF and CJIS controls across encryption identity management logging monitoring container hardening and network segmentation.

• Configure KMS key hierarchies secrets management token-scoped identities certificate rotation and workload identity policies.

• Develop logging and monitoring pipelines using CloudTrail CloudWatch GuardDuty Config Rules and SIEM integrations.

• Support SSP documentation boundary diagrams control-implementation statements and continuous monitoring filings for the FBI ATO process.

LLM Infrastructure & High-Performance Compute

• Deploy and tune GPU compute environments using G-series or P-series instances optimized for hosting open-weight LLMs and retrieval workloads.

• Enable LLM-serving frameworks (vLLM TGI Sagemaker DeepSpeed-based endpoints) with secure gateways and autoscaling rules.

• Support vector databases (FAISS pgvector Elasticsearch) embedding pipelines retrieval services and memory-optimized storage.

• Optimize I/O throughput caching and container networking for large-scale investigative document ingestion.

Operations Observability & Reliability

• Implement observability via metrics traces logs health checks SLOs/SLIs and operational dashboards.

• Improve reliability using circuit breakers retry/backoff logic blue/green deployments canary rollouts and automated remediation workflows.

• Develop automated patching hardened AMIs OS-level security profiles container runtime protections and dependency management routines.

• Ensure highly available infrastructure for adjudication workflows and continuous-vetting operations.

Collaboration Leadership & Mission Enablement

• Collaborate closely with AI/ML engineers backend developers security engineers and the Solutions Architect to ensure infrastructure aligns with platform requirements.

• Mentor engineers in AWS GovCloud operations Kubernetes DevSecOps IaC engineering and cloud security best practices.

• Participate in sprint planning architecture reviews troubleshooting sessions and mission-support activities.

• Ensure infrastructure performance scalability and reliability enable adjudicators to efficiently process high-volume investigative workloads.

What You Will Need:

• An ACTIVE and MAINTAINED TOP SECRET Federal or DoD securityclearance and obtained and maintain TS/SCI clearance.

• Minimum of Six (6) years of cloud/DevOps/infrastructure engineering experience with 4 years in AWS (GovCloud preferred).

• Bachelor s Degree or Four (4) additional Years of experience in lieu of degree.

• Expertise with Kubernetes/EKS GPU node management Terraform/CloudFormation CI/CD automation Docker and cloud security practices.

• Experience supporting systems requiring FedRAMP High RMF CJIS or similar accreditation frameworks.

• Ability to collaborate across multi-disciplinary engineering teams and deliver solutions in high-security mission environments.

What Would Be Nice To Have:

• AWS Solutions Architect Professional DevOps Engineer Professional or Security Specialty certifications.

• Experience deploying or scaling AI/ML or LLM workloads in cloud environments.

• Experience with vector databases embedding pipelines retrieval architectures or RAG infrastructure.

• Experience supporting FBI IC DoD DHS or other national security programs.

• Experience designing zero-trust architectures air-gapped deployments or SCIF-compatible cloud solutions.

What We Offer:

Guidehouse offers a comprehensive total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.

Benefits include:

• Medical Rx Dental & Vision Insurance

• Personal and Family Sick Time & Company Paid Holidays

• Parental Leave

• 401(k) Retirement Plan

• Group Term Life and Travel Assistance

• Voluntary Life and AD&D Insurance

• Health Savings Account Health Care & Dependent Care Flexible Spending Accounts

• Transit and Parking Commuter Benefits

• Short-Term & Long-Term Disability

• Tuition Reimbursement Personal Development Certifications & Learning Opportunities

• Employee Referral Program

• Corporate Sponsored Events & Community Outreach

• annual membership

• Employee Assistance Program

• Supplemental Benefits via Corestream (Critical Care Hospital Indemnity Accident Insurance Legal Assistance and ID theft protection etc.)

• Position may be eligible for a discretionary variable incentive bonus

About Guidehouse

Guidehouse is an Equal Opportunity EmployerProtected Veterans Individuals with Disabilities or any other basis protected by law ordinance or regulation.

Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.

If you have visited our website for information about employment opportunities or to apply for a position and you require an accommodation please contact Guidehouse Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.

All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @ or . Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.

If any person or organization demands money related to a job opportunity with Guidehouse please report the matter to Guidehouses Ethics Hotline. If you want to check the validity of correspondence you have received please contact . Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicants dealings with unauthorized third parties.

Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.