Lead Cybersecurity Engineer / Information Systems Security Engineer (ISSE), TS/SCI

Blue Sky Innovators•Reston, VA

About The Position

Seeking a Lead Cybersecurity Ops Engr / Information System Security Engineer (ISSE) to serve as a subject matter expert (SME) supporting the Department of the Air Force. You design, implement, and sustain DevSecOps pipeline(s) and supporting platform engineering capabilities. You will own the hands-on technical security engineering of the software factory and toolchain (CI/CD, IaC, artifact integrity, scanning, policy gates, and telemetry), ensuring the pipeline produces defensible artifacts and repeatable security outcomes that support assessment readiness and reduce manual compliance efforts. The ISSE shall assume primary responsibility for the execution of the core mission to enable automated Risk Management Framework (RMF) control implementation, evidence generation, and continuous monitoring to achieve and maintain Authority to Operate (ATO/cATO) across all environments. The role focuses on the hands-on technical security engineering of the software factory and toolchain (CI/CD, IaC, artifact integrity, scanning, policy gates, and telemetry), ensuring the pipeline produces defensible artifacts and repeatable security outcomes that support assessment readiness and reduce manual compliance efforts..

Requirements

14 years of experience and a Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline, or a related discipline; or a Master's degree and 12 years of experience; or a PhD/JD and 9 years of experience.
6+ years of hands-on experience in a technical cybersecurity role such as Security Engineering, DevSecOps Engineering, or Cloud Security in a DoD or similar regulated environment.
Demonstrated experience designing, building, and securing automated CI/CD pipelines (e.g., GitLab CI, Jenkins) and integrating security scanning tools (SAST, DAST, SCA).
Proficiency with Infrastructure as Code (IaC) (e.g., Terraform, Ansible), containerization technologies (Docker, Kubernetes), and scripting languages (e.g., Python, Bash).
DoD 8140 (Cyberspace Workforce Qualification Program) certification relevant to a technical engineering role (e.g., CASP+, CISSP, CCSP, Security+, or a cloud provider security certification).
Requires an active Top Secret clearance with the ability to obtain and maintain Sensitive Compartmented Information and Special Program access, as well as a willingness to consent to a polygraph examination.

Nice To Haves

Advanced certifications in cloud security (e.g., AWS/Azure Security Specialty) or DevSecOps (e.g., Certified DevSecOps Professional).
Hands-on experience with Kubernetes, Istio/service mesh, and container security hardening, preferably in a DoD environment.
Proficiency with Infrastructure as Code (IaC) tools like Terraform and configuration management tools such as Ansible or Puppet.
Experience implementing and operating security solutions within DoD-approved environments like Platform One (P1) or Cloud One (C1).
Advanced scripting and automation skills (e.g., Python, Go, Bash) for integrating security tools and automating compliance tasks.
In-depth knowledge of zero trust architecture principles and their practical implementation in cloud-native systems.
Direct experience creating and defending a continuous Authority to Operate (c-ATO) package for a software-intensive system.

Responsibilities

DevSecOps Pipeline Security Architecture & Design: Engineer a secure CI/CD pipeline and supporting services aligned with DoW DevSecOps reference designs. Define pipeline security requirements, trust boundaries, data flows, and enforcement points.
Control Implementation as Code: Translate RMF security controls into automated pipeline guardrails, including policy gates, required checks, configuration baselines, and deployment constraints using Infrastructure as Code (IaC).
Automated Security Testing & Quality Gates: Implement and maintain automated scanning (SAST/SCA/Container), IaC scanning, secrets detection, SBOM generation, and policy evaluation to enforce security thresholds within the build process.
Software Supply Chain Integrity: Implement artifact provenance (signing/attestation), hardened base image usage, and release integrity controls to ensure a secure and auditable software supply chain.
Continuous Monitoring Enablement: Engineer logging and telemetry pipelines to support continuous monitoring of pipeline events, platform security, compliance drift, and vulnerability status.
Assessment Readiness & Evidence Packaging: Develop and maintain an "evidence map" that links pipeline outputs to specific RMF controls and assessment objectives, and support assessors with demonstrations of automated enforcement.
Platform Integration & Operationalization: Coordinate with hosting platform providers to maximize inherited controls and implement secure configuration management, patching, and backup/recovery for all pipeline tooling.
Develop and document the DevSecOps Pipeline Security Architecture (diagrams and narrative).
Create and manage a Pipeline Controls-as-Code Implementation Plan.
Produce standardized Pipeline Evidence Packages (e.g., scan reports, SBOMs, attestations).
Design and implement a Continuous Monitoring Enablement Package (dashboards, alerts).
Maintain a Pipeline Backlog and Gap Remediation Roadmap to track progress toward ATO/cATO readiness.