Job Requirements
Patrick AFB, FL
Top Secret/SCI Polygraph not specified
Mid Level Career (5+ yrs experience)
$115,000 - $140,000
Job Description
Position Title: DevSecOps Engineer – Cleared Software Engineering Environment Support
Location: Remote, with occasional travel to main offices and client sites as required
Clearance Level: Active security clearance required - Top Secret/Sensitive Compartmented Information - TS/SCI
Salary: $115k - $140k pending qualifying factors
Position Overview
We are seeking a DevSecOps Engineer to join our engineering team and play a key role in securing our highly technical, cleared software environments. The ideal candidate will have a strong background in implementing security-focused DevOps practices within classified or high-security environments, particularly those requiring stringent compliance and zero-trust methodologies. This role will involve building, deploying, and maintaining scalable, secure infrastructure to support our custom solutions and seismic monitoring software for government and nuclear sectors.
Hot Initiatives or Likely Scenarios To Be Faced
Lead efforts with Gitlab CI/CD integration in a secure environment
Lead efforts to integrate existing software with onsite Oracle database
Lead efforts on identifying and following STIG processes
Lead efforts on analyzing security scans of delivered software and addressing security concerns.
Participate as development team member for a senior level distributed team of Scientists and Software Engineers.
Key Responsibilities
• Secure DevOps Pipeline Development: Design, implement, and maintain a secure CI/CD pipeline for classified applications, enforcing least privilege and zero-trust principles.
• Security Automation and Integration: Integrate security tools into the DevOps pipeline, including static and dynamic code analysis, dependency management, container security, and vulnerability scanning tools.
• Cloud Infrastructure Management: Securely configure and manage multi-cloud environments (AWS GovCloud, AWS Government, etc., with a strong emphasis on secure networking, access controls, and IAM policies.
• Compliance and Auditing: Ensure that all processes, pipelines, and infrastructure comply with industry standards (e.g., NIST 800-53, FedRAMP, DISA STIGs), conducting regular security audits, vulnerability assessments, and penetration testing.
• Collaboration with Engineering and Research Teams: Work closely with nuclear physics and software teams to incorporate security measures from design through deployment, ensuring software and systems maintain high integrity in classified environments. The successful candidate will be a team player who can both help the development team and know when to ask for help from the development team. We are a small team and must work well together.
• Documentation and Knowledge Transfer: Create and maintain comprehensive security documentation, processes, and playbooks for continuous security improvements in DevSecOps workflows.
Required Qualifications
• Security and DevOps Expertise: 5+ years of experience in a DevSecOps or Security Engineering role with a focus on building secure CI/CD pipelines for high-security environments.
• Clearance Requirement: Active security clearance. TS/SCI
• Technical Skills:
• Containerization and Orchestration: Proficient in Docker, Kubernetes, and Helm with a focus on secure container lifecycle management.
• Cloud Security: Advanced experience with AWS GovCloud, Azure Government, and hybrid cloud environments, including secure VPC setup, IAM, and identity federation.
• Automation: Proficient in scripting (Python, Bash) and infrastructure-as-code tools (e.g., Terraform, Ansible) for automated secure configuration management.
• Security Tools: Hands-on experience with tools such as Fortify, OWASP Dependency Scanner, OWASP ZAP, SonarQube, and GitLab CI/CD with security integrations.
• Knowledge of Compliance Standards: In-depth understanding of NIST 800-53, NIST 800-171, FedRAMP, and DISA STIGs.
Preferred Qualifications
• Certifications: Relevant certifications, such as CISSP, AWS Certified Security Specialty, or Certified DevSecOps Professional, are a plus.
• Advanced Security Practices: Experience with zero-trust architecture, secure data workflows, and compliance-driven automation in federal government or DoD environments.
Core Professional Competencies
• Analytical and Problem-Solving Skills: Ability to work with complex scientific data and design security solutions that do not compromise operational efficiency.
• Collaboration and Communication: Exceptional interpersonal skills to work effectively with researchers, engineers, and clients within secure environments.
• Adaptability: Flexibility to work with evolving compliance requirements and diverse project demands.
Location: Remote, with occasional travel to main offices and client sites as required
Clearance Level: Active security clearance required - Top Secret/Sensitive Compartmented Information - TS/SCI
Salary: $115k - $140k pending qualifying factors
Position Overview
We are seeking a DevSecOps Engineer to join our engineering team and play a key role in securing our highly technical, cleared software environments. The ideal candidate will have a strong background in implementing security-focused DevOps practices within classified or high-security environments, particularly those requiring stringent compliance and zero-trust methodologies. This role will involve building, deploying, and maintaining scalable, secure infrastructure to support our custom solutions and seismic monitoring software for government and nuclear sectors.
Hot Initiatives or Likely Scenarios To Be Faced
Lead efforts with Gitlab CI/CD integration in a secure environment
Lead efforts to integrate existing software with onsite Oracle database
Lead efforts on identifying and following STIG processes
Lead efforts on analyzing security scans of delivered software and addressing security concerns.
Participate as development team member for a senior level distributed team of Scientists and Software Engineers.
Key Responsibilities
• Secure DevOps Pipeline Development: Design, implement, and maintain a secure CI/CD pipeline for classified applications, enforcing least privilege and zero-trust principles.
• Security Automation and Integration: Integrate security tools into the DevOps pipeline, including static and dynamic code analysis, dependency management, container security, and vulnerability scanning tools.
• Cloud Infrastructure Management: Securely configure and manage multi-cloud environments (AWS GovCloud, AWS Government, etc., with a strong emphasis on secure networking, access controls, and IAM policies.
• Compliance and Auditing: Ensure that all processes, pipelines, and infrastructure comply with industry standards (e.g., NIST 800-53, FedRAMP, DISA STIGs), conducting regular security audits, vulnerability assessments, and penetration testing.
• Collaboration with Engineering and Research Teams: Work closely with nuclear physics and software teams to incorporate security measures from design through deployment, ensuring software and systems maintain high integrity in classified environments. The successful candidate will be a team player who can both help the development team and know when to ask for help from the development team. We are a small team and must work well together.
• Documentation and Knowledge Transfer: Create and maintain comprehensive security documentation, processes, and playbooks for continuous security improvements in DevSecOps workflows.
Required Qualifications
• Security and DevOps Expertise: 5+ years of experience in a DevSecOps or Security Engineering role with a focus on building secure CI/CD pipelines for high-security environments.
• Clearance Requirement: Active security clearance. TS/SCI
• Technical Skills:
• Containerization and Orchestration: Proficient in Docker, Kubernetes, and Helm with a focus on secure container lifecycle management.
• Cloud Security: Advanced experience with AWS GovCloud, Azure Government, and hybrid cloud environments, including secure VPC setup, IAM, and identity federation.
• Automation: Proficient in scripting (Python, Bash) and infrastructure-as-code tools (e.g., Terraform, Ansible) for automated secure configuration management.
• Security Tools: Hands-on experience with tools such as Fortify, OWASP Dependency Scanner, OWASP ZAP, SonarQube, and GitLab CI/CD with security integrations.
• Knowledge of Compliance Standards: In-depth understanding of NIST 800-53, NIST 800-171, FedRAMP, and DISA STIGs.
Preferred Qualifications
• Certifications: Relevant certifications, such as CISSP, AWS Certified Security Specialty, or Certified DevSecOps Professional, are a plus.
• Advanced Security Practices: Experience with zero-trust architecture, secure data workflows, and compliance-driven automation in federal government or DoD environments.
Core Professional Competencies
• Analytical and Problem-Solving Skills: Ability to work with complex scientific data and design security solutions that do not compromise operational efficiency.
• Collaboration and Communication: Exceptional interpersonal skills to work effectively with researchers, engineers, and clients within secure environments.
• Adaptability: Flexibility to work with evolving compliance requirements and diverse project demands.
group id: ClearanceJobsSC