DevSecOps Engineer, Staff
AMERICAN SYSTEMS · Middletown, RI · 2 wk ago
Engineering$82k/yrFull-time
Responsibilities
- Design, implement, and maintain CI/CD pipelines (e.g., GitLab CI, GitHub Actions, Jenkins, Azure DevOps) to automate build, test, security scanning, and deployment processes.
- Integrate security tools (SAST, DAST, SCA, container scanning, secret detection) into the pipeline and enforce “shift-left” security practices.
- Develop and maintain Infrastructure as Code (IaC) using tools such as Terraform, Ansible, Helm, or CloudFormation.
- Implement and manage configuration management and environment provisioning for development, test, staging, and production environments.
- Administer and harden Linux-based systems (RHEL, CentOS, Rocky, Ubuntu, or similar) in accordance with DoD security standards (e.g., STIGs, CIS Benchmarks).
- Manage system services, networking, access controls, logging, and system monitoring on Linux platforms.
- Troubleshoot performance, reliability, and security issues on Linux servers, containers, and virtual machines.
- Build and maintain containerized workloads (Docker/Podman) and orchestrated environments (Kubernetes/OpenShift or similar).
- Implement and maintain security controls in line with DoD and federal requirements (e.g., RMF, NIST SP 800-53, NIST 800-171, CMMC).
- Support Authority to Operate (ATO) activities by producing required DevSecOps and system artifacts (e.g., pipeline documentation, security test results, configuration baselines).
- Collaborate with ISSOs, security engineers, and program managers to ensure continuous compliance and vulnerability remediation.
- Implement monitoring, alerting, and logging solutions (e.g., ELK/EFK, Splunk, Prometheus/Grafana) to support security operations and incident response.
- Work within the constraints and requirements of DoD acquisition lifecycle frameworks (e.g., DoDI 5000 series, DoD 5000.02, Adaptive Acquisition Framework).
- Align DevSecOps practices with program milestones, deliveries, and documentation expectations (e.g., CDR, TRR, test events, fielding).
- Participate in technical reviews, risk assessments, and planning sessions with program stakeholders and government customers.
- Provide technical input to acquisition artifacts such as System Engineering Plans, Test Plans, and Cybersecurity Strategies.
- Partner with developers, system engineers, cybersecurity, and program management to define secure architecture patterns and deployment strategies.
- Champion DevSecOps best practices, secure coding standards, and continuous improvement across the team.
- Mentor junior engineers and contribute to internal standards, templates, and playbooks.
Qualifications
- 3-5 years experience in classified or air-gapped environments and with cross-domain or disconnected DevSecOps workflows.
- Secret Clearance REQUIRED.
- Hands-on experience with: DoD Enterprise DevSecOps platforms (e.g., Platform One, Iron Bank, relevant containers registries), secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager, Key Management Systems), cloud platforms (AWS, Azure, GCP) and hybrid/multi-cloud environments in a government context (e.g., IL4/IL5, GovCloud).
- Relevant certifications, such as: Security+, CISSP, CASP+, or other DoD 8570/8140 certifications, Red Hat (RHCSA/RHCE), Linux Foundation (CKA/CKAD), or similar DevOps/Cloud certifications (e.g., AWS/Azure DevOps Engineer, CNCF).
- Experience with Agile/Scrum or SAFe in defense programs.
- Strong written and verbal communication skills, including the ability to document architectures, pipelines, and security controls clearly for technical and non-technical stakeholders.
- Ability to work collaboratively in a multi-disciplinary, multi-contractor environment.
- Demonstrated problem-solving skills and ownership mindset in highly regulated, mission-critical contexts.
Pay
The salary range for this position is USD $82,100.00/Yr. - USD $131,360/Yr. Actual compensation will be determined based on several factors permitted by law.
Benefits
AMERICAN SYSTEMS provides for the welfare of its employees and their dependents through a comprehensive benefits program by offering healthcare benefits, paid leave, retirement plans, insurance programs, and education and training assistance.