DevOps Engineer, Secret Clearance

Auto Import

Job Description:

  • Implement and maintain security controls throughout the development pipeline, ensuring security is embedded in every phase of the software development lifecycle.
  • Collaborate with Information System Security Officers (ISSOs) to review Security Technical Implementation Guides (STIGs) and support Authority to Operate (ATO) processes, ensuring compliance with security standards and regulatory requirements.
  • Design, implement, and maintain secure CI/CD pipelines with automated security testing, vulnerability scanning, and compliance checks integrated into deployment workflows.
  • Actively participate in Scrum ceremonies, including sprint planning, daily standups, sprint reviews, and retrospectives, while providing security guidance and effort estimates for security-related tasks.
  • Conduct regular security assessments, vulnerability scans, and penetration testing, while coordinating remediation efforts with development teams.
  • Develop and maintain secure infrastructure configurations using Infrastructure as Code principles with automated security policy enforcement.
  • Implement and manage security monitoring tools, logging systems, and incident response procedures to detect and respond to security threats in real time.
  • Perform security risk assessments, threat modeling, and security architecture reviews to identify and mitigate potential vulnerabilities.
  • Create security documentation, procedures, and training materials while maintaining compliance artifacts for audit purposes.

Requirements:

  • 4 years of experience + Bachelor’s degree, or 8 years of experience
  • DoD Secret clearance or equivalent IAT Level II certification required (e.g., Security+ CE, CCNA-Security, GSEC, GICSP, SSCP, CySA+, or other DoD 8570.01-M / DoD 8140 approved certifications at IAT Level II)
  • AWS - Experience specifically with AWS CDK and processes (preferred)
  • Strong experience in DevSecOps practices, security automation, and secure software development within enterprise environments.
  • Deep understanding of Scrum principles and Agile development practices, including integrating security requirements into sprint planning and user story development.
  • Extensive knowledge of STIGs, NIST frameworks, ATO processes, and federal security compliance requirements, with experience working alongside ISSOs and security teams.
  • Proficiency with CI/CD tools, with GitLab CI preferred, as well as containerization technologies including Docker and Kubernetes, and automation platforms such as Terraform, Ansible, and CloudFormation.
  • Experience with cloud security platforms and cloud-native security tools, with AWS Security Hub preferred.
  • Proficiency in scripting languages, JavaScript (is preferred), Bash, and PowerShell, with experience using security testing frameworks and static/dynamic analysis tools.
  • Experience with vulnerability scanners (Nessus, OpenVAS), SAST/DAST tools, container security scanning solutions, and security orchestration platforms.
  • Excellent communication skills with the ability to work effectively across cross-functional Scrum teams, security officers, compliance teams, and stakeholders in fast-paced development environments.

Benefits:

    Back to blog