DevOps Integration Engineer

About The Position

Requirements

• Experience integrating security controls and RMF requirements into DevSecOps pipelines.
• Strong understanding of RMF, NIST SP 800‑53 Rev. 4/5, 8500.01, and continuous monitoring practices.
• Hands-on experience with CI/CD tools (e.g., GitLab CI, Jenkins, GitHub Actions, Azure DevOps).
• FedRAMP Moderate compliance experience.
• Zero Trust Maturity Level 2 implementation.
• Azure Government (Sentinel, Defender, WAF, DDoS Protection, Key Vault).
• IATO/ATO documentation support.
• PIA and SORN familiarity.
• CI/CD pipeline security scanning (SAST, DAST, SCA).
• Infrastructure as Code (Bicep/Terraform).
• Familiarity with SIEM, vulnerability management platforms, and continuous monitoring technologies.
• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field.
• Ability to collaborate with ISSMs, ISSOs, system owners, and engineering teams.
• Strong documentation, communication, and stakeholder engagement skills.
• Understanding of federal IT compliance standards, including Section 508, FISMA, and FEDRAMP.
• Ability to identify, address, and mitigate security risks in collaboration with technical teams.
• Must be able to pass background screening prior to employment.
• US Citizenship, legal permanent residence, or US work authorization with a minimum of 3 years of US presence is required due to federal contract requirements.
• Reliable internet (50 Mbps down / 25 Mbps up) and a secure remote work environment.

Nice To Haves

• Experience supporting or implementing continuous ATO (cATO) frameworks.
• Knowledge of cloud security (AWS, Azure, Cloud environments).
• Experience with infrastructure-as-code (Terraform, Ansible, CloudFormation).
• Security certifications such as CISSP, CCSP, Security+, or equivalent certifications.

Responsibilities

• Integrates CI/CD pipelines into RMF processes, enabling automated compliance validation, implementation of security controls, and real-time security scans for continuous ATO.
• Leads the integration of RMF compliance into DevSecOps pipelines to support automated compliance validations and facilitate cATO workflows.
• Designs CI/CD workflows including automated security scans, continuous monitoring activities, and vulnerability remediations integrated into development cycles.
• Aligns DevSecOps team efforts with RMF compliance objectives, embedding security controls into testing and deployment pipelines.
• Develops playbooks or processes for transitioning from traditional ATO to cATO, helping teams operationalize real-time compliance checks.
• Proposes tools and techniques to enhance automation maturity for security controls, risk assessments, and compliance validation.
• Other duties as assigned.