DevOps Engineer, Secret Clearance
Auto ImportJob Description:
- Implement and maintain security controls throughout the development pipeline, ensuring security is embedded in every phase of the software development lifecycle.
- Collaborate with Information System Security Officers (ISSOs) to review Security Technical Implementation Guides (STIGs) and support Authority to Operate (ATO) processes, ensuring compliance with security standards and regulatory requirements.
- Design, implement, and maintain secure CI/CD pipelines with automated security testing, vulnerability scanning, and compliance checks integrated into deployment workflows.
- Actively participate in Scrum ceremonies, including sprint planning, daily standups, sprint reviews, and retrospectives, while providing security guidance and effort estimates for security-related tasks.
- Conduct regular security assessments, vulnerability scans, and penetration testing, while coordinating remediation efforts with development teams.
- Develop and maintain secure infrastructure configurations using Infrastructure as Code principles with automated security policy enforcement.
- Implement and manage security monitoring tools, logging systems, and incident response procedures to detect and respond to security threats in real time.
- Perform security risk assessments, threat modeling, and security architecture reviews to identify and mitigate potential vulnerabilities.
- Create security documentation, procedures, and training materials while maintaining compliance artifacts for audit purposes.
Requirements:
- 4 years of experience + Bachelor’s degree, or 8 years of experience
- DoD Secret clearance or equivalent IAT Level II certification required (e.g., Security+ CE, CCNA-Security, GSEC, GICSP, SSCP, CySA+, or other DoD 8570.01-M / DoD 8140 approved certifications at IAT Level II)
- AWS - Experience specifically with AWS CDK and processes (preferred)
- Strong experience in DevSecOps practices, security automation, and secure software development within enterprise environments.
- Deep understanding of Scrum principles and Agile development practices, including integrating security requirements into sprint planning and user story development.
- Extensive knowledge of STIGs, NIST frameworks, ATO processes, and federal security compliance requirements, with experience working alongside ISSOs and security teams.
- Proficiency with CI/CD tools, with GitLab CI preferred, as well as containerization technologies including Docker and Kubernetes, and automation platforms such as Terraform, Ansible, and CloudFormation.
- Experience with cloud security platforms and cloud-native security tools, with AWS Security Hub preferred.
- Proficiency in scripting languages, JavaScript (is preferred), Bash, and PowerShell, with experience using security testing frameworks and static/dynamic analysis tools.
- Experience with vulnerability scanners (Nessus, OpenVAS), SAST/DAST tools, container security scanning solutions, and security orchestration platforms.
- Excellent communication skills with the ability to work effectively across cross-functional Scrum teams, security officers, compliance teams, and stakeholders in fast-paced development environments.
Benefits: