DevSecOps Engineer

About The Position

Requirements

• Active Top-Secret SCI (TS/SCI) with Polygraph
• U.S. Citizenship is required
• Bachelor’s degree with 8 years of related experience; OR Master's degree with 6 years of related experience; OR associate’s degree with 11 years of related experience; OR High School diploma/GED with 14 years of related experience.
• Proficiency in programming languages such as Python, and scripting languages for automation tasks (e.g., Bash).
• Familiarity with CI/CD tools (e.g., GitLab CI, GitHub Actions), container orchestration (e.g., Kubernetes, EKS), and infrastructure as code (e.g., Terraform, Ansible).
• Skills in security cloud environments, including cloud service providers (e.g., AWS, Azure, GCP), and understanding of cloud-native security tools and practices.
• Ability to identify security issues and vulnerabilities and develop effective solutions.
• Ability to distill technical complexities into actionable guidance for development teams.

Nice To Haves

• AWS Certification , including AWS Certified DevOps Engineer or AWS Certified Solutions Architect Certification
• Experience with OPA/Gatekeeper or Kyverno.
• Knowledge of SBOM generation, artifact signing (cosign), and provenance concepts.
• Familiarity with NIST SP 800-171 or CMMC expectations.
• Strong analytical skills to diagnose complex security issues spanning multiple technologies.

Responsibilities

• Designing, building, maintaining, and optimizing CI/CD pipelines supporting automated build, test, security scan, and deployment processes.
• Integrating automated testing, security scanning, and compliance validation into pipeline execution to support secure delivery practices.
• Developing and managing IaC using Terraform or CloudFormation, implementing security guardrails and scanning to ensure compliance and prevent misconfigurations.
• Implementing security best practices for Docker, Kubernetes, and EKS, including image hardening, admission controls, policy-as-code, and runtime security.
• Partnering with teams to design and enforce AWS/Azure security guardrails, including IAM least-privilege, network controls, and encryption standards.
• Operationalizing vulnerability management by identifying, prioritizing, and remediating security threats across applications and infrastructure.
• Translating security compliance requirements into automated security controls and audit-ready evidence.
• Ensuring that all software development and deployment processes comply with relevant security policies, standards, and regulations.
• Acting as a security champion, mentoring junior engineers and developers on secure coding practices and DevSecOps principles.

Benefits

• health
• life
• disability
• financial
• retirement benefits
• paid leave
• professional development
• tuition assistance
• work-life programs