Principal DevSecOps Engineer

About The Position

Requirements

• Bachelors in Computer Science, Computer Engineering, Electrical Engineering, or related field
• 7 to 10 years of experience in software development, systems engineering, platform engineering, or DevOps roles
• Expert level experience building container images with Podman, Docker, Kaniko, Skopeo.
• Familiarization with Universal Base Images (UBI).
• Familiarization with k3s and k8s desired.
• Expert-level experience building and optimizing GitLab CI/CD pipelines. To include use of CI templates or CI components.
• Proficiency in implementing security scan execution policies and pipeline security scans.
• Familiar with Trivy, Semgrep, and Gemnasium (or other SBOM based dependency scans).
• Expert-level experience with package managers for Java, Python and Node.
• Proficient with Red Hat Enterprise Linux 8.10 or higher.
• Active DoD Secret [or higher] clearance
• Ability to work independently and as part of a team.

Nice To Haves

• Technical leadership and systems thinking
• Excellent problem-solving skills and Risk-based decision making

Responsibilities

• Serve as the DevSecOps subject-matter expert and architectural authority
• Define standards, reference architectures, and best practices used across teams
• Design and implement secure, scalable, and highly available cloud and hybrid platforms
• Embed security controls directly into CI/CD pipelines, Infrastructure-as-code, Container platforms and deployment workflows
• Evaluate, select, and integrate DevSecOps tooling, including SAST, DAST, SCA, Secrets management, encryption, and identity integration
• Lead implementation of containerized platforms (Docker, Kubernetes, OpenShift, etc.)
• Integrate identity access management, secrets management, and encryption into pipelines and platforms
• Troubleshoot complex system, pipeline, and security issues across environments
• Act as a trusted technical advisor to engineering, security, and platform teams
• Mentor engineers and elevate DevSecOps maturity across the organization
• Lead technical reviews, architecture discussions, and root cause analyses
• Communicate risk, tradeoffs, and recommendations clearly to technical and non-technical leadership
• Actively maintain security vulnerability assessment databases for third-party application dependency scans and operating system level scans
• Actively monitor GitLab Security Dashboards for new vulnerabilities detected in software products and work with developers to remediate
• Maintain and enforce compliance frameworks across projects
• Maintain the software release pipeline
• Ensure base container images are regularly updated to include latest security patches and updates

Benefits

• Zero Harm culture
• People First company
• team of teams philosophy