DevSecOps Engineer with Security Clearance
NexTech Solutions LLC · Tampa, FL · 1 mo ago
Information TechnologyFull-time
Key Responsibilities
- Platform & Infrastructure Design, provision, and maintain production Kubernetes clusters (RKE2 / EKS / GKE / AKS) across cloud and on-premises environments
- Manage cluster lifecycle: upgrades, node pool scaling, multi-tenancy, and namespace governance
- Implement and maintain CNI solutions (Calico, Cilium, Multus) including advanced networking topologies such as macvlan and SR-IOV
- Operate GitOps workflows (e. g. ArgoCD) for declarative, auditable cluster state management
- Develop and maintain Helm charts for platform and application services
- Build and maintain CI/CD pipelines in GitLab CI (and/or GitHub Actions) with integrated security scanning and artifact signing
- Integrate SAST, DAST, SCA, and container image scanning (Trivy, Grype, Semgrep) into pipeline gates
- Implement supply-chain security controls: SBOM generation, cosign image signing, and Sigstore policy enforcement
- Automate OS image builds using Packer (QEMU, vSphere) targeting RHEL, AlmaLinux, Debian/Ubuntu, and Windows
- Manage secrets at scale using Vault, External Secrets Operator, or equivalent solutions
- Enforce runtime security through admission controllers (Kyverno / OPA Gatekeeper), Pod Security Standards, and network policies
- Own vulnerability management processes including scheduled scanning, triage, and remediation
- Support compliance initiatives (SOC 2, FedRAMP, NIST 800-53) by maintaining audit-ready infrastructure-as-code and evidence artifacts
- Conduct threat modeling and security architecture reviews for new platform capabilities
- Respond to and lead post-mortems for security incidents and infrastructure outages
- Deploy and operate observability stacks: Prometheus, Grafana, Loki, and OpenTelemetry collectors
- Define and track SLOs/SLAs; build alerting and on-call runbooks to drive reliability improvements
- Implement cost observability and right-sizing workflows for cloud and on-prem workloads
- Partner with development teams to design deployment patterns, resource quotas, and autoscaling strategies
- Produce clear documentation, runbooks, and internal training materials for platform capabilities
- Mentor junior engineers and participate in architecture decision records (ADRs)
Security & Compliance
- Enforce runtime security through admission controllers (Kyverno / OPA Gatekeeper), Pod Security Standards, and network policies
- Own vulnerability management processes including scheduled scanning, triage, and remediation
- Support compliance initiatives (SOC 2, FedRAMP, NIST 800-53) by maintaining audit-ready infrastructure-as-code and evidence artifacts
- Conduct threat modeling and security architecture reviews for new platform capabilities