DevSecOps Engineer
About The Position
The DevSecOps Engineer position at iMETALX is integral to establishing and refining the security and deployment frameworks within our software development organization. You will be responsible for designing and managing secure CI/CD pipelines, fortifying development and build systems, and implementing infrastructure as code. Your goal is to ensure that our engineering practices align with essential security protocols while promoting speed and efficiency. This role is not a standard compliance-focused position; we value a professional who can balance security, reliability, and rapid deployment, helping our team transition from fast-paced innovation to a more structured yet agile development environment.
Requirements
- Active U.S. TS Security Clearance
- U.S. citizenship is required due to ITAR export-control restrictions.
- 4+ years of experience in a DevOps/DevSecOps/Platform Engineer or related role, with a focus on security practices.
- Expertise with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI) and their integration with security practices.
- Experience with Linux Environments, containerization, and scripting/automation (Python, Bash)
- Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
- Experience with vulnerability assessments, penetration testing, and remediation techniques.
- Ability to work collaboratively in a fast-paced environment and quickly adapt to changing requirements.
Nice To Haves
- Experience with agile methodologies and project management tools (e.g., JIRA, Trello).
- Familiarity with networking concepts and security measures in cloud environments.
- Certifications such as CISSP, CISM, or AWS Certified Security Specialty are a plus.
Responsibilities
- Create and oversee CI/CD pipelines with integrated security measures (SAST/DAST, dependency and container scanning).
- Establish secure build processes involving artifact signing, SBOM generation, vulnerability gating, and reproducible builds.
- Enhance developer experience through rapid feedback mechanisms and self-service tools.
- Design and manage cloud-based and on-premise environments, employing Infrastructure as Code (with a preference for Terraform).
- Develop secure baseline environments for development, staging, and production, prioritizing least-privilege access and robust identity safeguards.
- Facilitate system deployments across constrained environments (e.g., air-gapped networks, restricted endpoints).
- Enforce engineering controls and evidence collection that aligns with:
- NIST 800-53 / RMF
- CUI handling protocols
- Configuration baselines and ongoing monitoring procedures
- Direct the technical implementation for audit preparedness, encompassing logging, access management, traceability, and configuration drift oversight.
- Manage and secure container workflows related to:
- Base image hardening
- Admission controls
- Secrets management practices
- Runtime monitoring and observability
- Maintain Docker and orchestrating tools, with Kubernetes being an advantageous skill.
- Advance observability through centralized logging, metrics, alerting, and security telemetry.
- Collaborate in defining and executing procedures around incident response, vulnerability management, and patching cycles.
Benefits
- Competitive Salary
- Health Insurance/Dental
- Paid Time Off
- 401k
- Performance Bonus
- Equity
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
