DevSecOps Engineer

Job summary

Seeking an experienced DevSecOps Engineer to design, test, and program critical applications for clients. This role involves integrating and enhancing security in software delivery pipelines, evolving CI/CD pipelines with automated security tools, and collaborating with various teams to support secure software delivery. The position offers opportunities for continuous learning and professional development.

Benefits

Qualifications

• Five or more years of experience in cybersecurity engineering and DevSecOps in federal or defense environments employing IaC/CaC, CI/CD, and SSDLC concepts.
• Three or more years of experience in scripting, including Python or Bash, and automation frameworks.
• Two or more years of experience implementing cybersecurity solutions in AWS cloud and container orchestration, including Kubernetes.
• Knowledge of best practice cybersecurity and threat-based cybersecurity frameworks, including AI or ML security best practices.
• Knowledge of NIST SP 800-53 controls, RMF compliance, eMASS, STIG Manager, STIG Viewer, and SCAP tools.
• Knowledge of Agile and Change Management methodologies.
• Top Secret clearance.
• Bachelor’s degree in Cybersecurity or Computer Science.
• Security+ Certification.
• Three or more years of experience reviewing code samples and applying whitelisting or exemption processes (preferred).
• Experience developing Zero Trust security solutions for DevSecOps pipelines (preferred).
• Experience evaluating security tools and assessing fit for inclusion in Development or Operational environments (preferred).
• Excellent verbal, technical writing, and documentation skills (preferred).
• TS/SCI clearance (preferred).
• Master’s degree in an IT or Cybersecurity field (preferred).
• AWS Solutions Architect, AWS Security, or CISSP Certification (preferred).

Responsibilities

• Apply DevSecOps expertise to integrate and enhance security into software delivery pipelines.
• Serve as a technical expert, using secure development practices and delivering continuous improvement across the CI/CD ecosystem.
• Evolve and secure CI/CD pipelines by integrating automated security tools such as SAST, DAST, SCA, and container scanning to meet DoD requirements and reduce operational risk.
• Enhance DevSecOps pipelines by refining vulnerability detection thresholds, tuning scanners, reducing false positives, and optimizing remediation workflows.
• Harden Infrastructure-as-Code (IaC) templates, enforce policy-as-code across environments, conduct risk assessments, and contribute to system security plans (SSPs) and continuous authority to operate (ATO) efforts.
• Collaborate with development, operations, and security teams to support secure software delivery.
• Monitor pipeline activity for anomalies and assist in responding to security incidents.
• Champion Zero Trust principles and drive adoption of secure-by-design methodologies across the software development lifecycle (SDLC).

Skills

Certifications

Degrees

Security clearance

Relocation