DevSecOps Engineer (26-002)

The DevSecOps Engineer will support the C2BMC program and will primarily be responsible for the following.

Location

Huntsville, AL

The Work You'll Do

• Infrastructure-as-Code (IaC) Development
• Design, write, and maintain IaC templates for Windows and Linux platforms using Ansible, Packer, Python and other scripting languages.
• Ensure all code is version-controlled, reviewed, and compliant with C2BMC security standards.
• Fully-Automated Software Stack
• Build and operate an end-to-end automation pipeline that provisions, hardens, and configures systems for the C2BMC program.
• Integrate automated testing, vulnerability scanning, and compliance verification into the stack.
• STIG Baseline Hardening Automation
• Develop reusable Ansible playbooks and custom scripts that automatically apply the DoD STIG baseline to C2BMC systems.
• Track and remediate any compliance drift on an ongoing basis.
• Configuration-Management Baseline
• Establish a single source of truth for all configuration data (inventory, variables, secrets) that feeds the Ansible automation.
• Implement secure secret management (Vault, Azure Key Vault, AWS Secrets Manager, etc.) and enforce idempotent deployments.
• Tooling & Technology Refresh
• Evaluate, prototype, and stand up new tools, containers, and services that keep C2BMC ahead of emerging technology trends.
• Provide documentation, training, and knowledge-transfer for any new capabilities introduced to the team.

What You'll Bring

• Bachelor's Degree and 9+ years' experience, or a Master's Degree and 7+ years' experience.
• Active Secret clearance required to start.
• Active IAT Level II Certification (Security+ or equivalent) required.
• 3-5 years of hands-on DevSecOps/DevOps experience in a high-security, mission-critical environment.
• Proven ability to write clean, maintainable code; familiarity with the software development lifecycle (SDLC).
• Deep knowledge of Linux (RHEL, CentOS, Ubuntu) and/or Windows Server (2016/2019/2022) administration, including hardening and patch management.
• Direct experience implementing security baselines (STIG, CIS, NIST), vulnerability remediation, or hardening automation.
• Have basic network fundamentals, understanding of TCP/IP, VLANs, routing, firewalls, VPNs, and basic network troubleshooting.
• Ansible - Advanced proficiency in playbook development, role creation, inventory management, and Ansible Automation Platform.
• Containerization - Strong experience building, packaging, and deploying containerized applications (Docker, Podman) and orchestrating them with Kubernetes or OpenShift.
• Scripting Languages - Expert-level scripting in Python, Bash, and/or PowerShell for automation, data manipulation, and API integration.
• CI/CD Platforms - Hands-on with GitLab CI/CD (or Jenkins, Azure DevOps, GitHub Actions) to design pipelines that include unit tests, security scans, and automated deployments.
• Version Control & Collaboration - Mastery of Git workflows, pull-request reviews, branching strategies, and code-ownership practices.
• Infrastructure-as-Code Tools - Proficiency with Terraform/Packer for platformed-agnostic resource provisioning.
• Monitoring & Observability - Experience configuring telemetry (Prometheus, Grafana, ELK/EFK stacks, Splunk) and alerting for automated environments.
• Secret & Credential Management - Familiarity with HashiCorp Vault, Azure Key Vault, AWS Secrets Manager, or equivalent.
• Compliance Automation - Ability to script and integrate compliance checks (OpenSCAP, Inspec, Chef InSpec) into the deployment pipeline.
• Problem-Solving & Incident Response - Comfortable troubleshooting complex, multi-layered failures and participating in on-call rotation for production issues.
• The appropriate measure for this level position includes: applies extensive expertise: solves complex problems that require the regular use of ingenuity and creativity; work is performed without appreciable direction and is reviewed for desired results from a relatively long time perspective: erroneous decisions would normally result in failure to achieve major organizational objectives: may function in project leadership roles and represents the organization as prime customer contact on significant technical matters on contracts.

Salary Range: $120,000-$163,000

Our Approach

At SecureStrux, we are committed to core values that guide the way we work with one another and our clients. As a team member, you will Create Team Synergy, Drive Continuous Innovation, Deliver with Integrity, and have the Freedom to Own it. Our thriving company culture supports our employees as they seek to grow with us!

What We Offer

Between our virtual environment where you can evaluate recent technologies and enhance your skills, and a generous annual professional development stipend, you will join a team that enjoys working on leading-edge technologies for world-class clients. We offer a robust total compensation package that includes comprehensive health benefits to support you and your family, flexible time off, continuing education allowance, a donation allowance for charitable causes, and a matched 401k.

Employment Types: Full-time

Work Arrangements: On-site

Locations: Alabama