DevSecOps Engineer

We are seeking a highly skilled and innovative DevSecOps Engineer to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

• Lead secure software engineering and DevSecOps practices: embed cybersecurity, compliance, and governance into SDLC and operational pipelines.
• Design, implement, and maintain automated CI/CD pipelines, infrastructure-as-code, configuration baselines, and build/release automation to support enterprise applications and modernization efforts.
• Translate ARNG G‑6 policies, CIO directives, and enterprise architecture requirements into actionable DevSecOps patterns, secure coding standards, and automation templates.
• Integrate security tooling (SAST, SCA, DAST, secret scanning), automated policy checks, and RMF evidence collection into pipeline workflows.
• Collaborate with program management, cybersecurity engineering, EA, SIG, and application teams to operationalize DevSecOps at scale and ensure interoperability with enterprise services.
• Evaluate emerging technologies, pilot automation/observability tools, and codify best practices to improve delivery speed, security, and reliability.
• Support IT governance: review policies, produce assessments, contribute to comment resolution matrices, and align DevSecOps implementations with enterprise modernization plans.
• Maintain documentation, runbooks, knowledge‑base artifacts, and executive‑level summaries to support decision‑making and knowledge transfer.
• Mentor engineering teams on secure automation, IaC practices, pipeline resiliency, and incident remediation within DevSecOps environments.

#ENOCS

Qualifications

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR
  • Relevant DoD/military training (example: Research & Development Specialist (Intermediate) Playlist); OR
  • Relevant professional certification or equivalent experience (examples: Security+).

• Required experience and skills:

  • Software engineering, platform engineering, or DevSecOps experience with at least 3 years implementing CI/CD, IaC, and secure automation in enterprise or regulated environments.
  • Hands‑on expertise with CI/CD tooling (Jenkins, GitLab CI, Azure DevOps, etc.), IaC (Terraform, CloudFormation), containerization (Docker, Kubernetes), and pipeline security integrations (SAST/SCA/DAST).
  • Familiarity with RMF/ATO evidence requirements, STIG/CSG application in pipeline contexts, and automated compliance validation.
  • Strong scripting and automation skills (Python, Bash, PowerShell), pipeline debugging, and observability/monitoring for build/deploy processes.
  • Ability to produce governance artifacts, technical assessments, and executive briefings; excellent collaboration and stakeholder facilitation skills.

• Desired:

  • Prior DoD/ARNG experience institutionalizing DevSecOps or supporting modernization at enterprise scale.
  • Experience with policy-as-code, policy enforcement tooling, secret management, and secure supply‑chain controls.
  • Familiarity with cloud-native CI/CD patterns, automated RMF evidence collection, and pipeline hardening for classified/unclassified environments.

#ENOCS