DevSecOps Engineer, Senior

Noblis•Reston, VA

1d•Hybrid

About The Position

Noblis is seeking a highly experienced DevSecOps Engineer with an active Top Secret/SCI clearance and Polygraph to support mission-critical national security initiatives. In this role, you will be responsible for integrating security throughout the DevOps lifecycle, ensuring that security principles and controls are embedded at every stage of software development and deployment. You will work closely with development, operations, and security teams to identify and mitigate risks, close security gaps, and foster a culture of shared responsibility for security across the organization. The ideal candidate has hands-on experience designing and implementing secure CI/CD pipelines, automating security controls, and securing Kubernetes-based environments. In addition, you will serve as a technical leader, providing guidance and mentorship to junior engineers while driving DevSecOps best practices across the team.

Requirements

Active Top Secret/SCI (TS/SCI) clearance with a current Polygraph.
Bachelor’s degree with 8 years of related experience; OR Master's degree with 6 years of related experience; OR associate’s degree with 11 years of related experience; OR High School diploma/GED with 14 years of related experience.
Proficiency in programming languages such as Python, and scripting languages for automation tasks (e.g., Bash).
Familiarity with CI/CD tools (e.g., GitLab CI, GitHub Actions), container orchestration (e.g., Kubernetes, EKS), and infrastructure as code (e.g., Terraform, Ansible).
Skills in security cloud environments, including cloud service providers (e.g., AWS, Azure, GCP), and understanding of cloud-native security tools and practices.
Ability to identify security issues and vulnerabilities and develop effective solutions.
Ability to distill technical complexities into actionable guidance for development teams.
U.S. Citizenship is required

Nice To Haves

AWS Certification, including AWS Certified DevOps Engineer or AWS Certified Solutions Architect Certification
Hands-on experience implementing and managing policy enforcement tools such as OPA/Gatekeeper or Kyverno
Knowledge of SBOM generation, artifact signing (Cosign), and software supply chain provenance concepts
Familiarity with NIST SP 800-171 or CMMC expectations
Strong analytical and problem-solving skills, with the ability to diagnose and resolve complex security challenges across multiple technologies and environments

Responsibilities

Designing, building, maintaining, and optimizing CI/CD pipelines supporting automated build, test, security scan, and deployment processes.
Integrating automated testing, security scanning, and compliance validation into pipeline execution to support secure delivery practices.
Developing and managing IaC using Terraform or CloudFormation, implementing security guardrails and scanning to ensure compliance and prevent misconfigurations.
Implementing security best practices for Docker, Kubernetes, and EKS, including image hardening, admission controls, policy-as-code, and runtime security.
Partnering with teams to design and enforce AWS/Azure security guardrails, including IAM least-privilege, network controls, and encryption standards.
Operationalizing vulnerability management by identifying, prioritizing, and remediating security threats across applications and infrastructure.
Translating security compliance requirements into automated security controls and audit-ready evidence.
Ensuring that all software development and deployment processes comply with relevant security policies, standards, and regulations.
Acting as a security champion, mentoring junior engineers and developers on secure coding practices and DevSecOps principles.