DevOpsSec Engineer

About The Position

Requirements

• 2+ years of hands-on experience with Kubernetes in production environments
• Demonstrated experience deploying and managing applications via Helm in multi-environment configurations
• Working knowledge of Istio, OPA Gatekeeper, Kyverno, or equivalent Kubernetes policy and service mesh tooling
• Experience with at least one major CI/CD platform: GitLab CI, GitHub Actions, Jenkins, or equivalent
• Hands-on experience with AWS and/or Azure cloud platforms, including IAM, networking, storage, and managed Kubernetes services (EKS, AKS)
• Experience with container image workflows: building, scanning, hardening, and distributing images via OCI registries
• Familiarity with monitoring and observability tools including Prometheus, Grafana, and/or Datadog
• Experience with Single Sign-On (SSO) and identity federation; familiarity with Keycloak or equivalent OIDC/SAML providers
• Active DoW security clearance (Secret or higher)

Nice To Haves

• Experience with Iron Bank, Registry1, Platform One, or Big Bang-based software factory environments
• Familiarity with GitLab Ultimate features including security dashboards and dependency scanning
• Experience supporting Air Force, Space Force, Navy, or other military branch programs
• Exposure to software supply chain security tooling: Sigstore/cosign, vulnerability scanners, SBOM generation, and compliance scanning tools
• Prior work in cATO, continuous authorization, or Ongoing Authorization environments
• CKA, CKS, AWS GovCloud certifications, or equivalent credentials
• Experience with AWS GovCloud and/or Azure Government
• Understanding of DoD compliance frameworks: NIST 800-53, STIGs, RMF, FedRAMP

Responsibilities

• Design and maintain Kubernetes-based infrastructure, including cluster provisioning, RBAC configuration, network policy, and workload management
• Package and deploy applications using Helm charts; maintain chart repositories and manage release lifecycle across environments
• Implement and enforce policy controls using Istio service mesh, OPA Gatekeeper, Kyverno, and related Kubernetes admission controllers
• Build and maintain CI/CD pipelines using GitLab CI, GitHub Actions, Jenkins, or equivalent tooling; integrate automated security scanning and compliance gates
• Deploy and operate workloads on AWS GovCloud and Azure Government; architect for high availability, disaster recovery, and cross-region compliance requirements
• Manage and harden container images; integrate with Iron Bank, Platform One, and other DoW-approved registry sources
• Configure and maintain observability stacks including Prometheus, Grafana, and Datadog; develop alerting, dashboards, and SLO frameworks
• Participate in ATO processes, support STIG/CIS compliance scanning, and contribute to System Security Plans (SSPs) and documentation artifacts
• Collaborate with development, security, and program teams to establish and refine DevSecOps practices across the software delivery lifecycle
• Support air-gapped and classified environment deployments; design solutions for offline image transfer, registry mirroring, and artifact management
• Coordinate with government platform teams and managed service providers to integrate and sustain vendor tooling within approved DoD software factories

Benefits

• Standard + Extended Federal Contractor Benefits