DevSecOps Engineer-Experienced

Oshkosh Corporation•New Hudson, MI

1d•Onsite

About The Position

Pratt Miller is a product development company in motorsports, defense, and mobility industries providing clients with product engineering and low-volume production solutions. Our range of research & development, engineering, prototype manufacturing, test & validation, and low-rate production capability help our customers bring their high-quality products to market faster. The DevSecOps Engineer is responsible for implementing secure development pipelines, automation frameworks, and compliant infrastructure to support defense programs operating under CMMC Level 2 and NIST 800-171/172 requirements. This role integrates security controls into cloud and on-prem environments, supports continuous monitoring and vulnerability management, and ensures systems hosting Controlled Unclassified Information (CUI) meet mission-critical performance and cybersecurity standards. This is a hands-on position that will work closely with software, IT, and security teams to deliver resilient, secure, and auditable solutions across defense projects.

Requirements

Strong documentation skills for configurations, compliance evidence, and SOPs.
Ability to clearly explain complex security concepts to both technical and non-technical audiences.
Self-starter with a security-first mindset and the ability to manage multiple projects with minimal supervision.
Collaborative and communicative, with consistent effectiveness working across disciplines.
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field; advanced degree preferred.
Must meet the requirements for obtaining a U.S. Government clearance; active Secret or higher clearance preferred.
Experience developing and maintaining secure CI/CD pipelines using GitLab, Jenkins, or Azure DevOps.
Experience implementing automated security testing tools (SAST, DAST, SCA) and vulnerability management systems.
Experience with CMMC Level 2 or NIST 800-171 compliance in defense or government environments.
Experience managing secure infrastructure in AWS GovCloud, Azure Government, or on-prem DoD-accredited environments.

Nice To Haves

Deep understanding of DevSecOps principles, CI/CD, and automation frameworks.
Expertise in network architecture and security (TCP/IP, VLANs, VPNs, firewalls, IDS/IPS systems).
Active Directory and Group Policy administration for secure identity and access management.
Experience implementing zero-trust and least-privilege access models.
Knowledge of cloud security configurations, infrastructure-as-code (Terraform, Ansible), and container orchestration (Docker, Kubernetes).
Familiarity with CMMC Level 2, DFARS 252.204-7012, and DoD cybersecurity frameworks.
Networking/Infrastructure/Security: TCP/IP, VLAN, VPN, DNS, zero-trust networking; firewalls; IDS/IPS; endpoint protection; Active Directory/Azure AD; log aggregation and monitoring (Prometheus, Kibana, Splunk, Jaeger).
DevSecOps / Automation Tools: GitLab, Jenkins, Azure DevOps, Nexus, Ansible, Terraform; Docker and Kubernetes; SAST/DAST/fuzz testing/SBOM tools; OpenTelemetry; Prometheus; collaboration tools including MatterMost and Jira/Atlassian.
Cloud Platforms: AWS GovCloud (EC2, Lambda, Route 53, ECR, CloudTrail); Azure Government (Virtual Machines, IoT Hub, Functions, CosmosDB, Azure Security Center).

Responsibilities

Responsible for the design, implementation, and maintenance of secure DevSecOps infrastructure and delivery pipelines to support defense programs under CMMC Level 2 compliance.
Implement security controls and automation within CI/CD pipelines using GitLab and related DevSecOps tooling.
Ensure adherence to secure coding practices, compliance with NIST SP 800-171/172, and CMMC Level 2 cybersecurity standards across software development and infrastructure management.
Collaborate with defense software and cybersecurity teams to integrate automated testing, vulnerability management, and secure deployment strategies into cloud and on-prem environments.
Assist in identifying technologies and tools that enhance security posture, automation, and compliance monitoring capabilities.
Maintain a customer-focused view of system security and DevSecOps process effectiveness across defense project initiatives.
Participate in technical and compliance reviews with customers and stakeholders to ensure systems meet mission-critical availability, reliability, and security requirements.
Research and implement new technologies, security tools, and methodologies to enhance automation, compliance, and system resilience.
Stay informed on evolving DoD cybersecurity standards, cloud governance models, and zero-trust architectures to ensure continuous compliance.
Work across multidisciplinary engineering and IT teams, integrating security controls within development and operational environments.
Collaborate with network, software, and security engineers to ensure end-to-end protection of systems hosting Controlled Unclassified Information (CUI).
Participate in design and code reviews, infrastructure planning meetings, and post-implementation security assessments.
Work effectively with remote and hybrid teams using collaboration tools such as MatterMost and GitLab.
Demonstrate strong analytical thinking and problem-solving skills with the ability to address complex infrastructure and cybersecurity challenges.
Leverage automation and monitoring to proactively identify and resolve performance or compliance issues within DevSecOps pipelines.