Role Overview
We're looking for a Senior DevSecOps Engineer to embed security into the full software development lifecycle for government-compliant systems. This position plays a central role in achieving and maintaining Authorization to Operate (ATO) under DoD and federal standards. You'll work entirely remotely, supporting secure, automated infrastructure that meets strict regulatory requirements.
Key Responsibilities
- Build and manage secure CI/CD pipelines in alignment with DoD Enterprise DevSecOps standards
- Automate provisioning of compliant environments using infrastructure-as-code tools like Terraform, Ansible, or CloudFormation
- Integrate security testing tools—including SAST, DAST, and container scanning—into development workflows
- Enforce compliance with DoD STIGs, DISA baselines, and RMF controls through automated infrastructure configurations
- Translate federal security requirements into automated checks and validation scripts using tools like OpenSCAP, Chef InSpec, or PowerSTIG
- Support the creation and maintenance of technical documentation for RMF packages and continuous monitoring
- Operate and extend DevSecOps platforms such as GitLab, Jenkins, ArgoCD, Harbor, Nexus, SonarQube, and Anchore
- Secure containerized workloads and manage deployments on Kubernetes, including use of hardened images from sources like Iron Bank
- Manage secrets, encryption keys, and logging systems using Vault or approved cloud services
- Collaborate with security and engineering teams to align with NIST SP 800-53, FedRAMP, and RMF frameworks
- Partner with ISSOs, ISSMs, and assessors to support ATO documentation and compliance audits
- Act as a technical authority on federal cybersecurity standards and secure engineering practices
Required Qualifications
- Bachelor’s degree in Computer Science or a related field, or equivalent professional experience
- Minimum of 7 years of hands-on DevSecOps experience, particularly in AI/ML or data-heavy environments
- Experience hardening OpenShift or Kubernetes environments
- Understanding of Zero Trust Architecture principles
- Proven track record supporting or leading ATO processes
- Proficiency with DevSecOps tooling, methodologies, and reference frameworks
- Familiarity with federal compliance standards such as NIST 800-53, RMF, and FedRAMP
- Practical experience in cloud platforms (AWS, Azure, or GCP) and container technologies (Docker, Kubernetes)
- Strong scripting skills in Python, Bash, or similar languages
- Excellent communication, leadership, and technical documentation skills
- Active security clearance or ability to obtain one
Preferred Qualifications
- Current U.S. government Secret clearance or higher
Technology Environment
- Infrastructure as Code: Terraform, Ansible, CloudFormation
- CI/CD & Container Tools: GitLab, Jenkins, ArgoCD, Harbor, Nexus, SonarQube, Anchore
- Orchestration & Security: Kubernetes, Docker, Vault, AWS Secrets Manager
- Compliance Automation: OpenSCAP, Chef InSpec, PowerSTIG
- Cloud Platforms: AWS GovCloud, Azure Government, DoD Cloud environments
- Operational Context: Air-gapped networks, federal compliance zones
Work Environment
This is a fully remote position. Candidates must be U.S. citizens residing in the contiguous United States. Travel is minimal, with less than 10% expected. The role supports mission-critical systems within national security and defense sectors.
Company Culture
We focus on delivering advanced technology solutions for public sector challenges, with a strong emphasis on security, compliance, and operational integrity. Our team values precision, accountability, and innovation in support of national priorities.


