Jobs · Legal

Senior DevSecOps Engineer, Government Systems Security & Compliance

APIUM Swarm Robotics - A Red Cat Company · San Diego, CA · 2 wk ago
RemoteRemoteLegalFull-time

Position Summary

Apium Swarm Robotics (ASR) is revolutionizing swarm autonomy software for air, surface, undersea, and ground vehicles operating across dual-use commercial and defense environments. Our systems are deployed on real platforms, tested in the field, and delivered to customers operating in complex, uncertain, and safety-critical conditions. We do not build research prototypes or slideware. Our software is integrated into real vehicles, tested in the field, and delivered to customers who depend on operational reliability, speed of execution, and mission relevance. We prioritize performance over hype.

Essential Duties And Responsibilities

  • Design and implement CI/CD security gates (SAST, dependency scanning, secrets detection, SBOM generation) across ASR’s version control organization (GitHub, GitLab, or equivalent)

  • Establish structured artifact management with semantic versioning, signed releases, and audit-traceable build provenance; manage release pipelines across incrementally constrained compliance tiers (commercial, CMMC-controlled, SIPRNet-classified)

  • Own CMMC Level 2 compliance posture; develop and maintain SSP, POA&M, and ATO/IATT support documentation for government program deliveries

  • Apply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm communications protocols

  • Implement technical controls for CUI handling, export-controlled repository access, and ITAR/EAR compliance in development workflows

  • Define threat modeling and SSDF (NIST SP 800-218) practices; maintain SBOM generation per EO 14028 and DoD supply chain requirements

  • Ensure source control organization meets required security standards: MFA applied as required, least-privilege access controls maintained, audit logging confirmed, and third-party application permissions managed

  • Support corporate IT integration: align ASR’s development environment with broader CMMC and CUI enclave requirements as the company scales

Required Qualifications

  • Active Secret clearance or demonstrated ability and willingness to obtain one

  • 5+ years of DevSecOps, security engineering, or information assurance experience, with at least 2 years in a DoD or defense contractor environment

  • Practical experience with GitHub Actions, GitLab CI, or equivalent CI/CD platforms, including writing custom pipeline configurations for security automation

  • Understanding of OT/embedded system security distinctions from enterprise IT; ability to apply NIST 800-82 to firmware and autopilot-layer software

  • Experience with SBOM generation tooling (e.g., Syft, CycloneDX, SPDX) and DoD supply chain security requirements

  • Familiarity with ITAR/EAR technical controls: CUI handling, export-controlled repository access, and developer access management

  • Comfort working independently with limited oversight; ability to remain calm and effective under operational pressure

Additional Desired Qualifications

  • BS in Computer Science or related field preferred

  • Experience authoring NIST SP 800-171 SSP and POA&M documentation in a DoD or defense contractor environment

  • Experience managing release pipelines across incrementally constrained compliance environments (e.g., commercial release, CMMC-controlled distribution, SIPRNet-classified behaviors)

  • CMMC Registered Practitioner (RP) or Certified Professional (CP); DoD 8570/8140 compliant certification (CISSP, Security+, or equivalent)

  • Familiarity with RMF and DISA STIG applicability for Linux-based embedded systems

  • Experience with Android application security including APK signing and MDM for government tablet deployments

  • Prior work on UAS, robotics, or autonomous systems; familiarity with PX4/ArduPilot is a differentiator

  • Experience with ATAK/WinTAK plugin security and TAK server CUI handling

Physical Requirements And Working Conditions

  • Must be able to walk, stand, and navigate large indoor and outdoor facilities for extended periods of time

  • Ability to lift, carry, and move materials and equipment weighing up to 25 lbs on a regular basis

  • Use of personal protective equipment (PPE) may be required in designated areas or when performing specific tasks, in accordance with safety protocols and company policy

  • Regular exposure to facility operations including noise, dust, temperature fluctuations, and industrial equipment

  • Occasional off-hours or weekend work required for emergency facility responses or projects as needed

  • Requires frequent use of a computer and other standard office equipment for documentation, communication, and coordination tasks

EEO and ITAR/EAR Work Authorization Disclosure

This position will require successfully completing a post-offer background check. Qualified candidates with a criminal history will be considered and are not automatically disqualified, consistent with federal and state law. EEO and ITAR/EAR Work Authorization Disclosure Red Cat Holdings provides equal employment opportunities (EEO) to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This position requires direct or indirect access to hardware, software, technology or technical data controlled under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). Successful candidates for positions subject to ITAR/EAR restrictions must provide proof of U.S. Citizenship or Permanent Residence and must not require sponsorship for export-restricted work authorization.

Compensation

Base pay $90-124K, plus generous annual equity package and potential bonuses.

Similar jobs