DevSecOps Engineer – Top Secret Clearance Required

We are seeking a DevSecOps Engineer to lead systems and software engineering activities across the full lifecycle, with a strong focus on integrating security into every phase of development and operations. This role ensures the delivery of secure, scalable, and reliable solutions that meet mission and operational requirements while balancing cost, schedule, and technical constraints.

Key Responsibilities

• Plan, design, develop, and implement secure software and system solutions across the full lifecycle-from concept through deployment, maintenance, and retirement.
• Integrate security practices into CI/CD pipelines, build environments, and deployment frameworks.
• Perform system-level analyses incorporating cybersecurity standards, software architecture, and infrastructure requirements.
• Develop and maintain automated security testing, vulnerability scanning, and compliance validation within DevOps workflows.
• Translate customer and product requirements into secure system architectures and software designs.
• Conduct functional analysis, trade studies, and requirements allocation to ensure security and performance objectives are met.
• Collaborate with development, operations, and security teams to enforce secure coding practices and address vulnerabilities.
• Monitor and remediate security risks across applications, systems, and infrastructure.
• Prepare technical documentation, operating instructions, and compliance reports.
• Ensure adherence to industry standards, security frameworks, and best practices throughout the development lifecycle.

Required Skills

• REQUIRED: Top Secret Security Clearance
• Strong understanding of integrating security into DevOps processes and CI/CD pipelines.
• Proficiency in secure software development principles and vulnerability mitigation.
• Experience with automation tools (e.g., Jenkins, GitLab CI/CD) and scripting languages (Python, Bash).
• Familiarity with securing cloud environments (AWS, Azure) and containerized applications (Docker, Kubernetes).
• Knowledge of vulnerability scanning, static/dynamic code analysis, and compliance tools (e.g., SonarQube, OWASP, Snyk).
• Experience with tools like Terraform or Ansible for secure infrastructure provisioning.
• Understanding of NIST, ISO, and other security frameworks.