DEVSECOPS ENGINEER

Role Overview

DevSecOps Engineer (full-time, remote — 40 hours/week, USA). You will design, deploy, and maintain secure, cloud-native infrastructure and deliver hardened and compliant software systems at scale. The role is at the intersection of platform engineering, security, and DevSecOps with strong alignment to Department of War (DoW) policies, toolchains, and accreditation processes.

Responsibilities

• Design and maintain Kubernetes-based infrastructure (cluster provisioning, RBAC, network policy, workload management).
• Package and deploy applications with Helm (maintain chart repositories and manage release lifecycle across environments).
• Implement and enforce Kubernetes policy controls using Istio, OPA Gatekeeper, Kyverno, and admission controller tooling.
• Build and maintain CI/CD pipelines (GitLab CI, GitHub Actions, Jenkins) and integrate automated security scanning and compliance gates.
• Deploy and operate workloads on AWS GovCloud and Azure Government, architecting for high availability, disaster recovery, and cross-region compliance.
• Manage and harden container images and integrate with government-grade registries (e.g., Iron Bank / registry-1 style workflows).

Requirements

• 4+ years hands-on experience with Kubernetes in production.
• Experience deploying/managing applications via Helm in multi-environment configurations.
• Working knowledge of Istio and at least one of: OPA Gatekeeper or Kyverno (or equivalent policy/service mesh tooling).
• Knowledge of one major CI/CD platform: GitLab CI, GitHub Actions, or Jenkins.
• Hands-on experience with AWS and/or Azure including IAM, networking, storage, and managed Kubernetes (EKS/AKS).
• Understanding container image workflows: build, scan, harden, and distribute via OCI registries.
• Experience with monitoring/observability: Prometheus and Grafana and/or Datadog.
• Experience with SSO/identity federation, familiarity with Keycloak or equivalent OIDC/SAML providers.

Nice to Have

• Familiarity with Iron Bank/registry-1 and software factory environments (e.g., Platform One / Big Bang).
• Experience with GitLab Ultimate security dashboards and dependency scanning.
• Experience supporting military branch programs (Air Force, Space Force, Navy, or others).
• Exposure to software supply chain security tooling (e.g., Sigstore/cosign, vulnerability scanning, SBOM, compliance scanning).
• Prior experience with Cato or continuous authorization / Ongoing Authorization environments.
• Certifications: CKA, CKS, AWS GovCloud, or equivalent.
• Understanding DoD compliance frameworks such as NIST 800-53, STIGs, RMF, FedRAMP.
• Active DoW/DoD security clearance (Secret or higher) is a strong advantage.