Jobs · Engineering

Sr. DevSecOps Engineer (US)

Craft.co · United States · 2 mo ago
RemoteRemoteEngineering$170k/yrFull-time

About the Role

You’ll own and lead the implementation of security controls, compliance automation, and secure architecture patterns required to achieve and maintain FedRAMP authorization at both Moderate and High impact levels, with alignment to DoW IL2 and IL5 requirements.

You’ll translate NIST 800-53 Rev. 5 requirements into scalable, auditable technical controls across our platform.

You’ll lead the FedRAMP readiness effort day-to-day — driving the ATO timeline, shaping the program’s architecture, and upleveling team expertise in FedRAMP and NIST controls.

What You'll Do

  • Lead Craft’s FedRAMP readiness program — defining the roadmap, owning the ATO timeline, and driving execution across engineering and security stakeholders.
  • Design and implement AWS GovCloud architecture that meets FedRAMP Moderate and High requirements.
  • Translate NIST 800-53 Rev. 5 controls into concrete, auditable, and continuously enforced technical implementations — not just documentation.
  • Build and maintain compliance automation tooling to continuously validate control adherence across the environment, reducing manual audit burden.
  • Develop and manage secure CI/CD pipelines with integrated security gates, secrets management, and deployment controls appropriate for FedRAMP environments.
  • Author and maintain System Security Plans (SSPs), control implementation statements, and audit evidence packages; work directly with auditors and 3PAOs through assessment cycles.
  • Perform threat modeling, risk assessments, and security architecture reviews across the platform.
  • Define and drive how FedRAMP controls are embedded across the engineering lifecycle, partnering with full-stack, data, and machine learning teams to ensure consistent, scalable adoption.
  • Serve as the internal subject matter expert on FedRAMP, NIST 800-53, and federal compliance — upleveling the broader team’s knowledge as the program matures.

Who You Are

  • Required: Direct, hands-on FedRAMP ATO experience; strong working knowledge of NIST 800-53 Rev. 5 controls and how to implement them technically; deep hands-on experience securing AWS environments; direct experience with AWS GovCloud, including its constraints and operational differences from commercial AWS; advanced Terraform skills; experience building or hardening CI/CD pipelines for secure, compliant deployments; experience working directly with auditors and 3PAOs.
  • Nice to Have: SOC 2 Type II experience, particularly in environments where mapped or extended to support FedRAMP or NIST frameworks; experience securing data platforms such as Databricks, including data isolation and access control patterns; familiarity with AI and LLM security concepts; experience working in a startup or lean DevSecOps environment.

Similar jobs

Sr. DevSecOps Engineer

CACI International IncFairfax, VA· 4 days ago
Engineeringapply on searchcareers.caci.com

Sr. DevSecOps Engineer

UICGS / Bowhead Family of CompaniesSan Diego, CA· 4 days ago
Information Technologyapply on bowheadcareers-uicalaska.icims.com

Sr DevSecOps Engineer

MedtronicLafayette, CO· 1 wk ago
Engineering$125k–$187k/yrapply on medtronic.wd1.myworkdayjobs.com