This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a DevSecOps Engineer based in United States.
This role sits at the intersection of software engineering, cybersecurity, and cloud infrastructure, with a strong focus on securing mission-critical systems in highly regulated environments.
You will design and maintain secure CI/CD pipelines that embed security from development through deployment, ensuring continuous compliance with federal standards.
The position plays a key role in strengthening DevSecOps maturity across cloud and containerized platforms used for defense and government-grade workloads.
You will work closely with engineering, security, and operations teams to automate infrastructure, enforce controls, and improve system reliability at scale.
A major part of the role involves supporting compliance frameworks such as RMF and FedRAMP while contributing to Authorization to Operate (ATO) processes.
The environment is highly collaborative and technical, with an emphasis on automation, security engineering, and cloud-native best practices.
It is ideal for someone who thrives in complex systems and wants to contribute to impactful national security and enterprise-scale platforms.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a DevSecOps Engineer based in United States.
This role sits at the intersection of software engineering, cybersecurity, and cloud infrastructure, with a strong focus on securing mission-critical systems in highly regulated environments.
You will design and maintain secure CI/CD pipelines that embed security from development through deployment, ensuring continuous compliance with federal standards.
The position plays a key role in strengthening DevSecOps maturity across cloud and containerized platforms used for defense and government-grade workloads.
You will work closely with engineering, security, and operations teams to automate infrastructure, enforce controls, and improve system reliability at scale.
A major part of the role involves supporting compliance frameworks such as RMF and FedRAMP while contributing to Authorization to Operate (ATO) processes.
The environment is highly collaborative and technical, with an emphasis on automation, security engineering, and cloud-native best practices.
It is ideal for someone who thrives in complex systems and wants to contribute to impactful national security and enterprise-scale platforms.
Accountabilities
- Lead the design, implementation, and optimization of secure CI/CD pipelines, embedding security tools such as SAST, DAST, and container scanning into automated workflows. Build and maintain infrastructure-as-code solutions using tools such as Terraform, Ansible, or CloudFormation across cloud environments including AWS and Azure.
- Implement and enforce security baselines including STIGs, DISA controls, and NIST SP 800-53 requirements, translating compliance obligations into automated validation and enforcement mechanisms. Support RMF processes and contribute to Authorization to Operate documentation and continuous monitoring strategies.
- Manage and optimize DevSecOps toolchains such as GitLab, Jenkins, ArgoCD, SonarQube, Nexus, and Vault while ensuring secure deployment practices across Kubernetes-based environments.
- Collaborate closely with security, development, and operations teams to ensure alignment with federal cybersecurity frameworks and Zero Trust Architecture principles. Serve as a technical advisor for compliance, security engineering, and automation best practices.
- 7+ years of experience in DevSecOps, SRE, or infrastructure engineering roles, ideally within regulated or government-related environments. Strong expertise in secure CI/CD, cloud infrastructure, and containerized systems using Docker and Kubernetes.
- Deep understanding of federal compliance frameworks such as RMF, FedRAMP, and NIST 800-53, with proven experience supporting ATO processes and security audits.
- Strong hands-on experience with cloud platforms such as Amazon Web Services and Microsoft Azure, as well as infrastructure automation and scripting using Python, Bash, or similar tools.
- Proven ability to implement DevSecOps toolchains, manage security controls in pipelines, and drive automation for compliance and operational efficiency.
- Excellent communication skills with the ability to collaborate across engineering, security, and leadership stakeholders in complex technical environments.
- Experience working with Zero Trust Architecture concepts and familiarity with Kubernetes security hardening is highly desirable.
- Competitive medical, dental, and vision insurance coverage
- Unlimited paid time off with additional federal holiday leave
- 12 weeks of paid parental leave
- Employer-paid short-term and long-term disability coverage
- Employer-paid life insurance
- 401(k) retirement plan with employer match
- Equity incentive opportunities
- Professional development and training support
- Fully remote work with flexibility and autonomy