DevSecOps Engineer, Staff

Job summary

Design, implement, and maintain secure, automated software delivery pipelines for U.S. defense acquisition programs. This role requires strong Linux expertise, hands-on experience with modern DevSecOps practices, and a solid understanding of DoD acquisition environments, processes, and security requirements. Collaborate with development, security, and operations teams to ensure mission-critical systems are built, tested, and deployed securely and reliably.

Qualifications

• 3-5 years experience in classified or air-gapped environments and with cross-domain or disconnected DevSecOps workflows.
• Secret Clearance REQUIRED.
• Hands-on experience with DoD Enterprise DevSecOps platforms.
• Hands-on experience with Secrets management tools.
• Hands-on experience with Cloud platforms and hybrid/multi-cloud environments in a government context.
• Relevant certifications, such as Security+ CE, CISSP, CASP+, or other DoD 8570/8140 certifications.
• Red Hat (RHCSA/RHCE), Linux Foundation (CKA/CKAD), or similar DevOps/Cloud certifications (e.g., AWS/Azure DevOps Engineer, CNCF).
• Experience with Agile/Scrum or SAFe in defense programs.
• Strong written and verbal communication skills, including the ability to document architectures, pipelines, and security controls clearly for technical and non-technical stakeholders.
• Ability to work collaboratively in a multi-disciplinary, multi-contractor environment.
• Demonstrated problem-solving skills and ownership mindset in highly regulated, mission-critical contexts.

Responsibilities

• Design, implement, and maintain secure, automated software delivery pipelines.
• Design, implement, and maintain CI/CD pipelines to automate build, test, security scanning, and deployment processes.
• Integrate security tools into the pipeline and enforce “shift-left” security practices.
• Develop and maintain Infrastructure as Code (IaC).
• Implement and manage configuration management and environment provisioning.
• Administer and harden Linux-based systems in accordance with DoD security standards.
• Manage system services, networking, access controls, logging, and system monitoring on Linux platforms.
• Troubleshoot performance, reliability, and security issues on Linux servers, containers, and virtual machines.
• Build and maintain containerized workloads and orchestrated environments.
• Implement and maintain security controls in line with DoD and federal requirements.
• Support Authority to Operate (ATO) activities by producing required DevSecOps and system artifacts.
• Collaborate with ISSOs, security engineers, and program managers to ensure continuous compliance and vulnerability remediation.
• Implement monitoring, alerting, and logging solutions to support security operations and incident response.
• Work within the constraints and requirements of DoD acquisition lifecycle frameworks.
• Align DevSecOps practices with program milestones, deliveries, and documentation expectations.
• Participate in technical reviews, risk assessments, and planning sessions with program stakeholders and government customers.
• Provide technical input to acquisition artifacts such as System Engineering Plans, Test Plans, and Cybersecurity Strategies.
• Partner with developers, system engineers, cybersecurity, and program management to define secure architecture patterns and deployment strategies.
• Champion DevSecOps best practices, secure coding standards, and continuous improvement across the team.
• Mentor junior engineers and contribute to internal standards, templates, and playbooks.

Skills

Relocation