DevSecOps Engineer

About The Position

Requirements

• 5+ years of experience in cybersecurity engineering and DevSecOps in federal or defense environments employing IaC/CaC, CI/CD, and SSDLC concepts
• 3+ years of experience in scripting, including Python or Bash and automation frameworks
• 2+ years of experience implementing cybersecurity solutions in AWS cloud and container orchestration, including Kubernetes
• Knowledge of best practice cybersecurity and threat-based cybersecurity frameworks, including AI or ML security best practices
• Knowledge of NIST SP 800-53 controls, RMF compliance, eMASS, STIG Manager, STIG Viewer, and SCAP tools
• Knowledge of Agile and Change Management methodologies
• Top Secret clearance
• Bachelor’s degree in Cybersecurity or Computer Science
• Security+ Certification

Nice To Haves

• 3+ years of experience reviewing code samples and applying whitelisting or exemption processes
• Experience developing Zero Trust security solutions for DevSecOps pipelines
• Experience evaluating security tools and assessing fit for inclusion in Development or Operational environments
• Possession of excellent verbal, technical writing, and documentation skills
• TS/SCI clearance
• Master’s degree in an IT or Cybersecurity field
• AWS Solutions Architect, AWS Security, or CISSP Certification

Responsibilities

• Apply expertise in DevSecOps to integrate and enhance security into software delivery pipelines.
• Serve as a technical expert, using secure development practices and delivering continuous improvement across the CI/CD ecosystem.
• Evolve and secure CI/CD pipelines by integrating and automated security tools such as SAST, DAST, SCA, and container scanning to meet DoD requirements and reduce operational risk.
• Enhance DevSecOps pipelines by refining vulnerability detection thresholds, tuning scanners, reducing false positives, and optimizing remediation workflows.
• Harden Infrastructure-as-Code (IaC) templates, enforce policy-as-code across environments, conduct risk assessments, and contribute to system security plans (SSPs) and continuous authority to operate (ATO) efforts.
• Collaborate with development, operations, and security teams to support secure software delivery.
• Monitor pipeline activity for anomalies and assist in responding to security incidents.
• Champion Zero Trust principles and drive adoption of secure-by-design methodologies across the software development lifecycle (SDLC).

Benefits

• health, life, disability, financial, and retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs
• dependent care
• recognition awards program