DevOps Security Engineer

CACI International•Cary, NC

About The Position

Join our team as a DevSecOps‑focused Security Engineer and play a key role in strengthening the security and resilience of critical defense systems. In this position, you will help modernize our Authorization to Operate (ATO) process by transitioning it to a continuous model, ensuring systems remain secure, compliant, and mission-ready. You’ll work across the full Risk Management Framework (RMF) lifecycle, support cloud-based system development, and collaborate closely with engineering teams to integrate security into every phase of delivery. This is a high-impact opportunity for someone who thrives in a dynamic environment and is passionate about advancing modern cybersecurity practices in support of national defense.

Requirements

Active DoD TS/SCI clearance with polygraph
Minimum 7 years of experience with RMF, JSIG, or ICD 503 processes
Bachelor’s degree in computer science, IT, Cybersecurity, Engineering, or a related field
Experience with vulnerability scanning, STIG compliance, SCAP, and SIEM technologies
Knowledge of Infrastructure‑as‑Code and scripting tools such as Ansible, Terraform, PowerShell, or Bash
At least 3 years administering DoD cloud environments

Nice To Haves

Prior DoD cybersecurity engineering experience
Familiarity with enclave architectures and mission system designs
Strong communication skills and ability to collaborate with program managers, developers, and system administrators
Vendor‑neutral or cloud‑security certifications (e.g., CCSP, CompTIA Cloud+, AWS Security)
Experience with SIEM platforms such as Splunk and conducting log analysis
Background in RMF and/or FEDRAMP

Responsibilities

Develop and implement DevSecOps pipeline policies that embed security throughout the software development lifecycle and support continuous authorization.
Manage the RMF lifecycle for DoD cloud environments, tracking risks, accreditation status, and documentation.
Prepare and maintain security documentation, including System Security Plans (SSP), Test Plans (STP), and Plans of Action and Milestones (POA&M).
Partner with cross-functional teams to ensure security considerations are integrated from design through deployment, providing expert guidance to engineers and program stakeholders.
Conduct Test and Evaluation (T&E); validate physical controls; review hardware/software inventories; analyze system topology and data flows; and perform on-site assessments.
Lead efforts to modernize ATO processes, aligning them with current industry standards and enabling a continuous ATO approach.
Stay up-to-date on cybersecurity threats, technologies, policies, and cloud trends; recommend improvements to strengthen the security posture of DoD cloud systems.