We are looking for a highly talented technical hands-on DevSecOps & Evidence-Automation Engineer to help accelerate our growing Professional Services business within the Government Sector. This is a 100% remote position. You will build the CI/CD security pipeline and the automated evidence collectors that shift a federal continuous Authorization to Operate (cATO) program from periodic manual evidence collection to near-real-time machine-generated control evidence.
Duties & Responsibilities
CI/CD Security Pipeline: Build and operate a pipeline (SAST DAST SCA container scanning SBOM secrets) integrated across source build test release deploy and runtime.
Evidence Automation: Write evidence collectors (Python/boto3 serverless functions Go) that pull cloud scanner and SIEM data and map it to security controls (NIST SP 800-53).
Source-Control Governance: Establish review gates and attestation formats.
Integration: Build and maintain API/connector integrations and event-driven data flows feeding the evidence and GRC layer.
Identity & Secrets: Engineer identity PKI and secrets workflows (HashiCorp Vault AWS Secrets Manager) supporting control evidence.
Qualifications
High level of attention to detail needs minimal guidance effective verbal and written communication.
7 years building cloud-native event-driven services and automation on AWS (serverless Terraform/IaC Docker).
Strong in Go and/or Java (Spring Boot); Apache Kafka or equivalent event streaming.
CI/CD pipeline engineering (Jenkins/GitHub Actions) and infrastructure-as-code.
PKI/X.509 and secrets-management engineering (HashiCorp Vault AWS Secrets Manager).
Ability to map technical evidence to security controls (NIST SP 800-53).
SBOM generation and container signing a plus.
Education
Bachelor of Science (or higher) in computer engineering computer science information technology cyber security or a related field.
Another major will be considered provided it clearly addresses at least one of the following: cyber security engineering systems administration information systems security software development security systems engineering information systems or information technology.
Clearance Level
No Clerance required but an active Secret Clearance is preferred.
Work Location
Primary location(s) are Arlington and Alexandria VA. Remote work is authorized but the employee may have to report to one of the primary sites occasionally or as requested by management or the client.
Hours of Operation
6:00 am ET 6:00 pm ET
SALARY RANGE
$145000-$175000
Ability to pass a minimum background investigation.
Required Experience:
IC
DevSecOps & Evidence-Automation Engineer Position OverviewWe are looking for a highly talented technical hands-on DevSecOps & Evidence-Automation Engineer to help accelerate our growing Professional Services business within the Government Sector. This is a 100% remote position. You will build the C...
DevSecOps & Evidence-Automation Engineer
Position Overview
We are looking for a highly talented technical hands-on DevSecOps & Evidence-Automation Engineer to help accelerate our growing Professional Services business within the Government Sector. This is a 100% remote position. You will build the CI/CD security pipeline and the automated evidence collectors that shift a federal continuous Authorization to Operate (cATO) program from periodic manual evidence collection to near-real-time machine-generated control evidence.
Duties & Responsibilities
CI/CD Security Pipeline: Build and operate a pipeline (SAST DAST SCA container scanning SBOM secrets) integrated across source build test release deploy and runtime.
Evidence Automation: Write evidence collectors (Python/boto3 serverless functions Go) that pull cloud scanner and SIEM data and map it to security controls (NIST SP 800-53).
Source-Control Governance: Establish review gates and attestation formats.
Integration: Build and maintain API/connector integrations and event-driven data flows feeding the evidence and GRC layer.
Identity & Secrets: Engineer identity PKI and secrets workflows (HashiCorp Vault AWS Secrets Manager) supporting control evidence.
Qualifications
High level of attention to detail needs minimal guidance effective verbal and written communication.
7 years building cloud-native event-driven services and automation on AWS (serverless Terraform/IaC Docker).
Strong in Go and/or Java (Spring Boot); Apache Kafka or equivalent event streaming.
CI/CD pipeline engineering (Jenkins/GitHub Actions) and infrastructure-as-code.
PKI/X.509 and secrets-management engineering (HashiCorp Vault AWS Secrets Manager).
Ability to map technical evidence to security controls (NIST SP 800-53).
SBOM generation and container signing a plus.
Education
Bachelor of Science (or higher) in computer engineering computer science information technology cyber security or a related field.
Another major will be considered provided it clearly addresses at least one of the following: cyber security engineering systems administration information systems security software development security systems engineering information systems or information technology.
Clearance Level
No Clerance required but an active Secret Clearance is preferred.
Work Location
Primary location(s) are Arlington and Alexandria VA. Remote work is authorized but the employee may have to report to one of the primary sites occasionally or as requested by management or the client.
Hours of Operation
6:00 am ET 6:00 pm ET
SALARY RANGE
$145000-$175000
Ability to pass a minimum background investigation.