DevSecOps Engineer

About The Position

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following: Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/military training (example: Research & Development Specialist (Intermediate) Playlist); OR Relevant professional certification or equivalent experience (examples: Security+).
• Software engineering, platform engineering, or DevSecOps experience with at least 3 years implementing CI/CD, IaC, and secure automation in enterprise or regulated environments.
• Hands‑on expertise with CI/CD tooling (Jenkins, GitLab CI, Azure DevOps, etc.), IaC (Terraform, CloudFormation), containerization (Docker, Kubernetes), and pipeline security integrations (SAST/SCA/DAST).
• Familiarity with RMF/ATO evidence requirements, STIG/CSG application in pipeline contexts, and automated compliance validation.
• Strong scripting and automation skills (Python, Bash, PowerShell), pipeline debugging, and observability/monitoring for build/deploy processes.
• Ability to produce governance artifacts, technical assessments, and executive briefings; excellent collaboration and stakeholder facilitation skills.

Nice To Haves

• Prior DoD/ARNG experience institutionalizing DevSecOps or supporting modernization at enterprise scale.
• Experience with policy-as-code, policy enforcement tooling, secret management, and secure supply‑chain controls.
• Familiarity with cloud-native CI/CD patterns, automated RMF evidence collection, and pipeline hardening for classified/unclassified environments.

Responsibilities

• Lead secure software engineering and DevSecOps practices: embed cybersecurity, compliance, and governance into SDLC and operational pipelines.
• Design, implement, and maintain automated CI/CD pipelines, infrastructure-as-code, configuration baselines, and build/release automation to support enterprise applications and modernization efforts.
• Translate ARNG G‑6 policies, CIO directives, and enterprise architecture requirements into actionable DevSecOps patterns, secure coding standards, and automation templates.
• Integrate security tooling (SAST, SCA, DAST, secret scanning), automated policy checks, and RMF evidence collection into pipeline workflows.
• Collaborate with program management, cybersecurity engineering, EA, SIG, and application teams to operationalize DevSecOps at scale and ensure interoperability with enterprise services.
• Evaluate emerging technologies, pilot automation/observability tools, and codify best practices to improve delivery speed, security, and reliability.
• Support IT governance: review policies, produce assessments, contribute to comment resolution matrices, and align DevSecOps implementations with enterprise modernization plans.
• Maintain documentation, runbooks, knowledge‑base artifacts, and executive-level summaries to support decision‑making and knowledge transfer.
• Mentor engineering teams on secure automation, IaC practices, pipeline resiliency, and incident remediation within DevSecOps environments.