DevSecOps Engineer

About The Position

Requirements

• Bachelor’s degree in computer science, Software Engineering, or related field
• 2–5 years of experience in a DevOps, SRE, or automation-focused role
• Experience with CI/CD tools (Jenkins, GitLab, Bitbucket) supporting multiple languages (C/C++, Java, Python)
• Proficiency with source code management, branching strategies, merging, and code review practices
• Strong familiarity with configuration management and automation tools (Ansible, Helm)
• Solid Linux fundamentals and scripting experience (Bash, Python)
• Understanding of secure software development lifecycle (SSDLC) concepts
• Excellent communication and collaboration skills
• U.S. citizenship required

Nice To Haves

• Knowledge of security scanning tools and methodologies (SAST, DAST, SCA, vulnerability scanning)
• Tools such as Anchore, Xray, Tenable/Nessus, or equivalent
• Familiarity with artifact repositories and dependency management (Artifactory or equivalent)
• Exposure to virtualization technologies (XCP-ng, XEN, KVM, or VMware)
• Basic understanding of code quality and static analysis tools (SonarQube)
• Exposure to cloud platforms (AWS, Azure, GCP) and Infrastructure as Code (Terraform)
• Interest or experience with containerization and orchestration (Docker, Kubernetes)
• Familiarity with monitoring and observability tools (Prometheus, Grafana)
• Exposure to secrets management and secure configuration (Vault, AWS Secrets Manager, Kubernetes secrets)
• Basic understanding of network and application security (TLS, certificates, authentication, authorization)
• Exposure to compliance frameworks such as NIST 800-53, NIST 800-171, RMF, or similar
• Experience supporting audits, assessments, or ATO-related activities is a plus
• Familiarity with centralized logging or SIEM tools (ELK, OpenSearch, Splunk) is a plus

Responsibilities

• Support and maintain automated security scanning workflows across the CI/CD pipeline
• Collaborate with engineering teams to triage, remediate, and prevent security vulnerabilities
• Monitor and analyze security scanning results in development, staging, and production environments
• Maintain and enhance CI/CD pipelines using Jenkins, GitLab, and Bitbucket
• Automate infrastructure provisioning and configuration using Ansible, Helm, and Infrastructure as Code
• Support containerization strategies and secure deployments using Docker and Kubernetes
• Assist with secrets management, credential handling, and secure configuration baselines
• Support audit preparation, evidence collection, and compliance-related activities
• Document processes, present findings, incorporate feedback, and contribute to continuous improvement
• Assist with troubleshooting across development, staging, and production environments with a security-first mindset