Sr. DevSecOps Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

UIC Commercial Services · 4 weeks ago

Sr. DevSecOps Engineer

positionSan Diego,CA,USA
timeFull-time
remoteOnsite
senioritySenior Level
money$120K/yr - $150K/yr
date5+ years exp

UIC Commercial Services is seeking a Sr. DevSecOps Engineer to support operational systems integration and development for military medical treatment facilities. The role involves building an automated compliance and AI-driven security operations platform, focusing on security hardening, compliance automation, and container security.

ConstructionShipping
check
Comp. & BenefitsbadNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Build automated OpenSCAP pipelines to scan Ubuntu 24.04 LTS and other Linux hosts using DISA STIG benchmarks
Integrate XCCDF and OVAL results into OpenRMF using automated ingestion workflows
Develop hardened base images (VMs and containers) aligned to DISA STIG requirements
Integrate RapidFort scans into CI/CD pipelines
Automate ingestion of SCAP JSON into OpenRMF
Ensure curated images remain compliant and low-CVE
Support generation of automated DISA checklists (CKLs) and POA&M updates
Work with compliance and engineering teams to resolve findings and track remediation progress via OpenRMF
Deploy/tune Wazuh agents across hosts and workloads
Configure pipelines from Wazuh → Elastic → Tines
Write and maintain Elastic SIEM detection rules
Develop Tines workflows to automate: SCAP ingestion, RapidFort event processing, Elastic SIEM alert enrichment, Compliance notifications & ticketing
Integrate LLMs to: Summarize alerts, Draft POA&M entries, Generate remediation guidance, Produce daily/weekly SOC and compliance reports
Contribute to secure CI/CD pipelines, secrets management, system hardening, logging, and access control aligned with DoD RMF

Qualification

Linux engineeringOpenSCAPDISA STIGsCI/CD pipelinesElastic StackSOAR platformsContainer securityRMF knowledgePython scriptingBash scriptingAI integrationCommunicatorMentoring others

Required

Five to ten (10+) years Linux engineering with security hardening focus
Hands-on experience with OpenSCAP, DISA STIGs, SCAP benchmarks, and STIG automation
Experience working with OpenRMF (or similar RMF automation platforms)
Strong knowledge of RMF, FedRAMP, or CMMC
CI/CD pipeline experience (GitLab CI, GitHub Actions, Jenkins, etc.)
Hands-on experience with Elastic Stack and Wazuh
Experience deploying or integrating SOAR platforms (Tines preferred; XSOAR or Splunk SOAR acceptable)
Container security experience (RapidFort, Anchore, Trivy, Aqua, etc.)
Ability to lead architecture decisions and mentor others
Strong communicator capable of translating compliance needs into technical workflows
Able to operate independently in a fast-paced federal/healthcare environment
Comfortable producing documentation for audits and ATO packages
Must be able to lift up to 20 pounds
Must be able to stand and walk for prolonged amounts of time
Must be able to twist, bend and squat periodically
Must be able to obtain a security clearance at the Public Trust level
US Citizenship is a requirement

Preferred

Familiarity with ATO workflows (IL4/IL5, DoD impact levels)
AI integration experience using OpenAI, Azure OpenAI, or similar
Python or Bash scripting for automation
Experience with NIST 800-53, CNSSI 1253, or DoD Cybersecurity standards

Company

UIC Commercial Services

twittertwitter
company-logo
UIC Commercial Services is a division of Ukpeaġvik Inupiat Corporation, the Alaska Native Village Corporation for Utqiaġvik, Alaska.
dateFounded in 1984
location
Anchorage, Alaska, USA
people-size201-500 employees
web-link
https://uicalaska.com/our-companies/uic-commercial-services/uic-bowhead-transport-llc/

Funding

Current Stage
Growth Stage

Leadership Team

leader-logo
Don Gray
Vice President of UIC Oil & Gas and Marine Services
linkedin
Company data provided by crunchbase