DevSecOps Engineer (1455)

About The Position

Requirements

• Hands-on experience securing or operating CI/CD pipelines and modern deployment workflows.
• Demonstrated ability to automate security/ops tasks using scripting/programming (i.e., Python, Bash, etc.).
• Working knowledge of secure system design and operational security fundamentals (least privilege, secrets handling, patching, logging/monitoring, vulnerability management).
• Experience working in regulated/compliance-driven environments (e.g., audit requirements, security controls, change management).
• Strong written communication skills with proven ability to document procedures and communicate technical risk clearly.
• DoD 8570 IAT Level II certification (e.g., CompTIA Security+, SSCP, or equivalent).
• Bachelor’s degree (or comparable professional experience)
• 3–6 years of experience in DevOps, DevSecOps, Security Engineering, Systems Engineering, Platform Engineering, or related disciplines.
• Requires a current TS/SCI. Employment is contingent on having or obtaining the required active security clearance or successfully passing the required background check, as well as other factors, including, but not limited to, drug screens.

Nice To Haves

• Ops certifications (e.g., RHCSA, or similar).
• Familiarity with government security frameworks such as NIST (e.g., NIST SP 800-53 concepts) and the RMF/ATO lifecycle (implementing controls, collecting evidence, supporting assessments).
• Experience implementing or validating DISA STIG-aligned configurations and control evidence.
• Experience with centralized baseline configuration management/enforcement (e.g., Ansible, Puppet, Chef, Salt; compliance tooling such as OpenSCAP and/or similar approaches).
• Experience with centralized logging platforms (e.g., Splunk, ELK/OpenSearch, Loki, Sentinel) and building actionable security/ops dashboards.
• Experience with SNMP monitoring (e.g., Zabbix, LibreNMS, SolarWinds, Prometheus SNMP exporter) and alert tuning.
• Container and orchestration experience: Kubernetes and container tooling such as Docker and/or Podman (secure build patterns, image provenance/scanning, runtime hardening).
• Experience in on-premises and hybrid environments, including segmented networks and restricted connectivity patterns.
• Working familiarity with Red Hat Enterprise Linux (RHEL) or RHEL-compatible systems.
• Ability to work within controlled environments and comply with program security policies and handling procedures.
• Programming experience and knowledge of Python and Java.

Responsibilities

• Embed and maintain security controls in CI/CD pipelines to support secure, repeatable software delivery.
• Software composition analysis (SCA), container/image scanning, and infrastructure/configuration security checks.
• Implement and maintain policy-as-code / security gates aligned to program requirements and risk tolerance (e.g., blocking high-severity findings where appropriate, exception handling, evidence capture).
• Support development teams with shift-left security: triage findings, validate risk, recommend remediation, and verify fixes.
• Maintain and improve Infrastructure-as-Code (IaC) and deployment automation to reduce drift and improve standardization.
• Support baseline configuration management/enforcement and hardened builds (including DISA STIG-aligned configurations where required).
• Enable and improve centralized logging and monitoring to support security operations, detection, auditing, and troubleshooting.
• Ensure solutions meet government and organizational security requirements, supporting RMF/ATO activities, security documentation, and evidence collection.
• Participate in incident response, including investigation support, containment assistance, and root-cause analysis with corrective/preventive actions.
• Create and maintain technical documentation (runbooks, control implementation notes, pipeline security procedures, operational guides, and audit evidence).