DevSecOps Engineer

About The Position

Requirements

• A bachelor’s degree from an accredited college or university in computer Science, Engineering, or an applicable field of study
• Minimum of three years in Application Security or software development role
• Ability to obtain and maintain a Common Access Card (CAC) and a US Government Security Clearance
• Skilled in Agile, DevOps, and modern delivery practices
• Strong Linux expertise, including system internals and security topics such as permissions, process isolation, secure execution (non-root services), file handling, and common vulnerability classes
• Strong analytical and problem-solving skills with an attacker mindset, able to anticipate and simulate real-world attacks and identify vulnerabilities beyond automated scanning
• Experience interpreting and applying security frameworks (e.g., STIGs, FIPS 140-x, NIST 800-53) to derive system-specific security controls and implement them within development pipelines and deployed environments
• Evaluate application and system designs to identify security gaps and recommend architectural improvements beyond pipeline-based controls
• Evaluate trade-offs between security, performance, and operational constraints in safety-critical or resource-constrained environments
• Have hands-on experience with GitLab CI/CD pipelines, including writing and debugging .gitlab-ci.yml configurations
• Are familiar with Coverity, Black Duck, or similar SAST/SCA tools and understand how to interpret and act on scan results
• Have experience building C/C++ applications in Linux environments using gcc, make, or cmake
• Are familiar with secure handling of secrets and credentials within CI/CD pipelines

Responsibilities

• Analyze application architectures, deployment topologies, and trust boundaries to identify threats and define appropriate security controls across the development lifecycle
• Develop and apply threat models to identify vulnerabilities and drive the selection of security controls in code, pipelines, and runtime environments
• Interact with software developers to guide secure development, perform code reviews, and provide actionable, risk-based recommendations
• Design, implement, and maintain CI/CD pipelines that enforce and validate security controls (e.g., SAST, SCA, build integrity, artifact security) for C/C++ applications targeting Linux hosts
• Build C/C++ applications using standard Linux toolchains (e.g., gcc/g++, make, cmake) and resolve compilation and dependency issues
• Manage and securely handle pipeline artifacts, dependencies, and environment variables, ensuring sensitive information is not exposed in code or logs

Benefits

• Medical, Dental & Vision Benefits
• Company Paid Life and AD&D
• Company Paid Short Term and Long-Term Disability
• Flexible Spending & HSA Accounts
• Legal & ID Shield Services
• 401k with Company Match
• Paid holidays
• Paid Time Off (PTO)