DevSecOps Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science, Software Engineering, or a related technical field.
• 2-8 years of experience in software engineering/development.
• Experience with container tools like Docker and Podman, container management, and associated technologies like Kubernetes
• Familiarity with CI/CD pipelines and process workflows (GitLab CI, Jenkins, etc)
• Familiarity with version control tools, i.e. Git
• Experience with modern Infrastructure as Code (IaC) tools like Packer, Terraform, Ansible
• Familiarity or experience interacting with modern cloud providers and related technologies, such as Amazon Web Services or Microsoft Azure, or Google Cloud Services
• Familiarity with processes like: Agile Development, DevOps, and DevSecOp
• Experience with one or more modern Infrastructure as Code (IaC) tools like Packer, Terraform, Ansible
• Demonstrated skill sets in in at least one or more high-level programming languages (e.g. Golang, Java, C++)
• Demonstrated skillsets in at least one or more scripting languages (e.g. Python, Bash, Powershel
• Must possess an active Top Secret clearance with eligibility for SCI.

Nice To Haves

• Demonstrated skill sets in in at least one or more high-level programming languages (e.g. Golang, Java, C++)
• You must be able to work both independently and in a collaborative team environment
• You must be able to meet required schedules and timelines
• You must be able to communicate technical issues and provide written, oral and/or digital products
• You must have good analytic skills and the ability to apply these skills in a multi-tasking environment where more than one project may require his/her participation at a given time (typically one primary project and one or two ancillary projects)

Responsibilities

• DevSecOps Pipeline Development: Design, maintain, and optimize Continuous Integration/Continuous Deployment (CI/CD) pipelines to ensure secure and efficient development workflows.
• Automate testing, security validation, and deployment processes within development pipelines.
• Security Integration: Embed security controls, tools, and practices (e.g., SAST, DAST, vulnerability scanners) into the DevSecOps lifecycle to ensure compliance with DoD standards.
• Implement and manage secure coding frameworks, encryption practices, and zero-trust architectures for mission-critical applications.
• Systems and Application Development Support: Collaborate with developers to integrate DevSecOps tools that enhance system performance, security, and reliability across air platform mission systems.
• Configure secure containerized environments using Kubernetes, Docker, and other orchestration tools for real-time system operations.
• Automation and Monitoring: Develop automated processes for infrastructure provisioning and application monitoring via Infrastructure as Code (IaC) (e.g., Terraform, Ansible).
• Maintain observability through monitoring dashboards and alerting systems to ensure system performance and compliance.
• Compliance and Governance: Ensure systems align with DoD frameworks such as RMF (Risk Management Framework), NIST Cybersecurity Framework, and CMMC standards.
• Maintain documentation for DevSecOps configurations, pipelines, and security validations, ensuring transparency across teams.
• Collaboration in an IPT Framework: Work within an Integrated Product Team (IPT) to coordinate development and security practices with software engineers, systems architects, and program stakeholders.
• Provide technical expertise to streamline processes and ensure alignment with mission-critical requirements.