SecDevOps Engineer (Mid-Level 3)

Washington D.C. | Full Time | Posted Jul 2, 2026

About Knox

Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance.


Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail.

The Role

The SecDevOps Engineer designs, automates, and maintains Knox’s secure cloud infrastructure and CI/CD pipelines across AWS, Azure, and GCP within our FedRAMP-authorized, multi-tenant boundaries. Day-to-day, the work centers on Zero Trust access, continuous monitoring, cloud security posture, and observability — keeping secure, compliant, and repeatable operations running across federal cloud environments.

The ideal candidate combines hands-on cloud architecture experience, automation expertise, and a deep security-operations mindset. This role bridges the gap between core cloud engineering and rigorous federal compliance, embedding security controls directly into the deployment fabric using Infrastructure as Code (IaC) and Policy-as-Code frameworks.

Role Focus & Technical Matrix

Zero Trust & Identity - Zscaler (ZPA / PRA), HashiCorp Vault, Okta, Azure AD / Entra ID, AWS IAM Identity Center

Infrastructure as Code - Terraform (Primary), Ansible, CloudFormation, GitOps (ArgoCD / Helm)

Security & Compliance - FedRAMP (IL4 boundaries), NIST 800-53, Wiz, Qualys, CrowdStrike, OPA, HashiCorp Sentinel

Observability & Ops - Grafana, Prometheus, CloudWatch, PagerDuty, ServiceNow (CAB / eCAB)

Key Responsibilities

Zero Trust & Access Management

● Support and operate Zero Trust Network Access (Zscaler ZPA / PRA) architectures including app connectors, privileged remote access, and private application access boundaries.

● Manage privileged credentials, API tokens, and secrets lifecycle using HashiCorp Vault, establishing automated credential flows and programmatic rotation.

● Integrate and maintain federated identity providers (Okta, Azure AD / Entra ID, AWS IAM Identity Center) and actively support ongoing multi-cloud identity migrations.

● Enforce strict least-privilege access models and machine-to-machine credential rotation policies across all automation systems.

Cloud Infrastructure & Secure Automation

● Build and manage multi-tenant infrastructure across AWS, Azure, and GCP using Infrastructure as Code (Terraform primary; Ansible and CloudFormation as needed).

● Automate end-to-end provisioning, configuration management, and environment deployment workflows via secure CI/CD and GitOps paradigms.

● Manage cloud networking, IAM topologies, and security group configurations tailored strictly to FedRAMP controls and Impact Level 4 (IL4) boundaries.

CI/CD, Policy-as-Code & Container Security

● Develop and maintain secure CI/CD pipelines utilizing GitHub Actions, GitLab CI, Azure DevOps, or Jenkins.

● Integrate Policy-as-Code frameworks (OPA, HashiCorp Sentinel, or Azure Policy) into pipeline gates to enforce organizational compliance before infrastructure provisioning.

● Embed automated static application security testing (SAST), software composition analysis (SCA), and container vulnerability scans into active deployment workflows.

● Build, deploy, and troubleshoot containerized workloads within managed Kubernetes environments (EKS, AKS, GKE) using Helm, ArgoCD, or Kustomize.

Continuous Monitoring, Vulnerability & Compliance

● Support FedRAMP Continuous Monitoring (ConMon) cycles, managing incident tickets, Plan of Action and Milestones (POA&M) tracking, and technical remediation follow-through.

● Maintain IaC, pipeline architectures, and operating configurations compliant with FedRAMP and NIST 800-53 standards.

● Automate programmatic audit evidence generation for specific control requirements, including CM-2 (Baseline Configurations), CM-6 (Configuration Settings), AU-2 (Event Logging), and SC-12 (Cryptographic Key Establishment and Management).

● Participate in formal enterprise change management processes via ServiceNow, preparing documentation for Technical Change Reviews and Change Advisory Board (CAB/eCAB) workflows.

Observability & Incident Reliability

● Deploy and maintain centralized dashboards, alert definitions, log aggregation, and metrics/APM architectures using Grafana, Prometheus, or cloud-native tooling.

● Define, track, and report on Service Level Indicators (SLIs) and Service Level Objectives (SLOs) for critical secure services.

● Participate in the team's operational on-call rotation (PagerDuty), driving rapid incident resolution, root-cause analyses, and P1 war room execution.

Qualifications

Required Experience & Skills

Experience: 3–5 years of dedicated professional experience in SecDevOps, Cloud Security Engineering, DevOps, or Platform Engineering.

Cloud Infrastructure: Hands-on production experience with at least one major hyperscaler (AWS preferred), with functional exposure to Azure and/or GCP environments.

Automation & Scripting: High proficiency in Terraform and robust scripting capabilities (Python, Bash, or PowerShell); familiarity with Ansible is preferred.

Identity & Secrets: Practical experience managing enterprise identity/access tooling (Okta, Entra ID) and secrets management platforms (HashiCorp Vault, AWS KMS, or Azure Key Vault).

Security Tooling: Familiarity operating endpoint protection (EDR), cloud security posture management (CSPM), or vulnerability scanning platforms (e.g., CrowdStrike, Wiz, Qualys).

Containers: Experience building, configuring, and troubleshooting containerized environments (Docker, Kubernetes).

Compliance Alignment: A strong conceptual or practical understanding of FedRAMP, NIST 800-53, or SOC 2 compliance frameworks.

Preferred Certifications

● HashiCorp Certified: Terraform Associate

● AWS Certified SysOps Administrator or Solutions Architect (Associate)

● CompTIA Security+ or equivalent security credential

● Microsoft Certified: Azure Administrator Associate

Hiring Requirement: Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process.

Any offer of employment is contingent upon the successful completion of all required pre-employment screenings, including a background check, in accordance with applicable laws and government contract requirements.

Benefits & Perks

Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee-funded 401(k) plan. Please note, benefits are subject to change.

We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.
