DevSecOps Engineer, Staff

AMERICAN SYSTEMS is an employee-owned federal government contractor supporting national priority programs through our strategic solutions in the areas of Information Technology, Test & Evaluation, Program Mission Support, Engineering & Analysis, and Training.

Responsibilities

The DevSecOps Engineer will design, implement, and maintain secure, automated
software delivery pipelines in support of U.S. defense acquisition programs. This role
requires strong Linux expertise, hands-on experience with modern DevSecOps practices, and a solid understanding of DoD acquisition environments, processes, and security requirements. You will collaborate with development, security, and operations teams to ensure mission-critical systems are built, tested, and deployed securely and reliably.

Key Responsibilities

• DevSecOps & Automation
  
  • Design, implement, and maintain CI/CD pipelines (e.g., GitLab CI, GitHub Actions, Jenkins, Azure DevOps) to automate build, test, security scanning, and deployment processes.
  • Integrate security tools (SAST, DAST, SCA, container scanning, secret detection) into the pipeline and enforce "shift-left" security practices.
  • Develop and maintain Infrastructure as Code (IaC) using tools such as Terraform, Ansible, Helm, or CloudFormation.
  • Implement and manage configuration management and environment provisioning for development, test, staging, and production environments.
• Linux & Platform Engineering
  
  • Administer and harden Linux-based systems (RHEL, CentOS, Rocky, Ubuntu, or similar) in accordance with DoD security standards (e.g., STIGs, CIS Benchmarks).
  • Manage system services, networking, access controls, logging, and system monitoring on Linux platforms.
  • Troubleshoot performance, reliability, and security issues on Linux servers, containers, and virtual machines.
  • Build and maintain containerized workloads (Docker/Podman) and orchestrated environments (Kubernetes/OpenShift or similar).
• Security & Compliance
  
  • Implement and maintain security controls in line with DoD and federal requirements (e.g., RMF, NIST SP 800-53, NIST 800-171, CMMC).
  • Support Authority to Operate (ATO) activities by producing required DevSecOps and system artifacts (e.g., pipeline documentation, security test results, configuration baselines).
  • Collaborate with ISSOs, security engineers, and program managers to ensure continuous compliance and vulnerability remediation.
  • Implement monitoring, alerting, and logging solutions (e.g., ELK/EFK, Splunk, Prometheus/Grafana) to support security operations and incident response.
• Defense Acquisition Support
  
  • Work within the constraints and requirements of DoD acquisition lifecycle frameworks (e.g., DoDI 5000 series, DoD 5000.02, Adaptive Acquisition Framework).
  • Align DevSecOps practices with program milestones, deliveries, and documentation expectations (e.g., CDR, TRR, test events, fielding).
  • Participate in technical reviews, risk assessments, and planning sessions with program stakeholders and government customers.
  • Provide technical input to acquisition artifacts such as System Engineering Plans, Test Plans, and Cybersecurity Strategies.
• Collaboration & Technical Leadership
  
  • Partner with developers, system engineers, cybersecurity, and program management to define secure architecture patterns and deployment strategies.
  • Champion DevSecOps best practices, secure coding standards, and continuous improvement across the team.
  • Mentor junior engineers and contribute to internal standards, templates, and playbooks.

Qualifications

• 3-5 years experience in classified or air-gapped environments and with cross-domain or
  disconnected DevSecOps workflows.
• Hands-on experience with:
  
  • DoD Enterprise DevSecOps platforms (e.g., Platform One, Iron Bank, relevant containers registries)
  • Secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager, Key Management Systems)
  • Cloud platforms (AWS, Azure, GCP) and hybrid/multi-cloud environments in a government context (e.g., IL4/IL5, GovCloud).
• Relevant certifications, such as:
  
  • Security+ CE, CISSP, CASP+, or other DoD 8570/8140 certifications Red Hat (RHCSA/RHCE), Linux Foundation (CKA/CKAD), or similar DevOps/Cloud certifications (e.g., AWS/Azure DevOps Engineer, CNCF).
• Experience with Agile/Scrum or SAFe in defense programs.
• Strong written and verbal communication skills, including the ability to document architectures, pipelines, and security controls clearly for technical and non-technical stakeholders.
• Ability to work collaboratively in a multi-disciplinary, multi-contractor environment.
• Demonstrated problem-solving skills and ownership mindset in highly regulated,
  mission-critical contexts.

Pay Transparency Statement

AMERICAN SYSTEMS is committed to pay transparency for our applicants and employee-owners. The salary range for this position is USD $80,100.00/Yr. - USD $133,700.00/Yr. Actual compensation will be determined based on several factors permitted by law. AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance.

EEO Statement

EEO Race/Sex/Disability Status/Veteran Status