DevSecOps Compliance Engineer jobs in United States

BigBear.ai · 1 month ago

DevSecOps Compliance Engineer

BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. They are seeking a DevSecOps Compliance Engineer to implement and maintain an automated compliance platform within customer DevSecOps pipelines, ensuring seamless integration and continuous compliance monitoring.

Industries: Artificial Intelligence (AI), Government, Information Technology, Machine Learning, National Security, Service Industry
Restrictions: No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Integrate ATO Automation platform with customer CI/CD pipelines, source control systems (GitHub, GitLab), and DevOps toolchains
Configure and maintain automated security control validation workflows using ATO Automation platform's real-time code analysis capabilities
Implement continuous compliance monitoring by connecting ATO Automation platform to cloud service provider APIs (AWS, Azure) and infrastructure-as-code repositories
Automate System Security Plan (SSP) generation and maintain synchronization between system configurations and compliance documentation
Establish security gates within CI/CD pipelines that leverage ATO Automation platform’s automated control assessment capabilities
Collaborate with development teams to remediate compliance gaps identified through automated scanning
Configure integrations with security tools including SAST/DAST solutions (Fortify, SonarQube), container security platforms (Aqua, Twistlock), and vulnerability scanners (Tenable, Qualys)
Deploy ATO Automation platform connectors to GitLab or GitHub Enterprise repositories to enable real-time code analysis for NIST 800-53 control validation
Configure automated SSP generation workflows that parse infrastructure-as-code templates (Terraform, CloudFormation) and map security controls
Implement webhook integrations between ATO Automation platform and Jenkins pipelines to trigger compliance assessments on code commits
Create custom compliance dashboards that display real-time control implementation status across multiple frameworks (FedRAMP, CMMC, DoD SRG)
Develop automated remediation workflows that create JIRA tickets when ATO Automation platform detects compliance drift
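As an added illustration of the infrastructure-as-code parsing, control mapping and pipeline-gate items listed above (this is example code written for this page, not BigBear.ai's code or the ATO Automation platform's own logic), the script below reads a CloudFormation template in its JSON form, checks a few resource properties, maps each result to a NIST 800-53 Rev 5 control, rolls results up per control the way an SSP states them, and returns a verdict a CI/CD stage can fail on. The control mappings (SC-28, SC-7, AU-12), the sample template and the list of blocking controls are assumptions chosen for the example, not an authoritative mapping.

```python
"""Illustrative IaC compliance gate (added example, not BigBear.ai code or the
ATO Automation platform's logic). Control mappings, sample template and the
blocking-control list are assumptions made for this example."""
import json
import sys

# Constructed sample template (CloudFormation JSON form): one bucket encrypted
# by default, one not, an unencrypted RDS instance, a security group exposing
# SSH to the world, and a CloudTrail trail that is logging.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
        "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "AppDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "Engine": "postgres", "StorageEncrypted": False}},
        "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                      "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "Trail": {"Type": "AWS::CloudTrail::Trail", "Properties": {
            "IsLogging": True, "S3BucketName": "logs"}},
    },
})


def s3_encrypted_by_default(props):
    rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
    return any("ServerSideEncryptionByDefault" in rule for rule in rules)


def rds_storage_encrypted(props):
    return props.get("StorageEncrypted") is True


def sg_ssh_not_world_open(props):
    for rule in props.get("SecurityGroupIngress", []):
        if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
            continue  # not open to the whole internet
        if str(rule.get("IpProtocol")) == "-1":
            return False  # all protocols and ports, which includes 22
        lo = int(rule.get("FromPort", 0))
        hi = int(rule.get("ToPort", 65535))
        if lo <= 22 <= hi:
            return False
    return True


def trail_is_logging(props):
    return props.get("IsLogging") is True


# Assumed mapping: resource type -> (control id, control name, check, failure detail).
CHECKS = {
    "AWS::S3::Bucket": [("SC-28", "Protection of Information at Rest",
                         s3_encrypted_by_default, "no default server-side encryption")],
    "AWS::RDS::DBInstance": [("SC-28", "Protection of Information at Rest",
                              rds_storage_encrypted, "StorageEncrypted is not true")],
    "AWS::EC2::SecurityGroup": [("SC-7", "Boundary Protection", sg_ssh_not_world_open,
                                 "SSH (22) reachable from 0.0.0.0/0 or ::/0")],
    "AWS::CloudTrail::Trail": [("AU-12", "Audit Record Generation",
                                trail_is_logging, "trail is not logging")],
}


def assess(template):
    """One result per (resource, control) pair; template is JSON text or a parsed dict."""
    if isinstance(template, str):
        template = json.loads(template)
    results = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        for control_id, control_name, check, detail in CHECKS.get(res.get("Type"), []):
            ok = check(props)
            results.append({"resource": logical_id, "type": res["Type"],
                            "control": control_id, "control_name": control_name,
                            "status": "satisfied" if ok else "not-satisfied",
                            "detail": "" if ok else detail})
    return results


def control_status(results):
    """Roll resource results up to one status per control, as an SSP states them."""
    status = {}
    for r in results:
        current = status.get(r["control"], "satisfied")
        status[r["control"]] = "not-satisfied" if r["status"] == "not-satisfied" else current
    return status


def gate(results, blocking=("SC-7", "SC-28")):
    """Pipeline verdict: (1, failing blocking controls) or (0, []) when clean."""
    failing = sorted({r["control"] for r in results
                      if r["status"] == "not-satisfied" and r["control"] in blocking})
    return (1 if failing else 0), failing


if __name__ == "__main__":
    found = assess(SAMPLE_TEMPLATE)
    for r in found:
        print(f"{r['control']:6} {r['resource']:12} {r['status']:14} {r['detail']}")
    code, failing = gate(found)
    print("gate:", ("FAIL " + ", ".join(failing)) if code else "PASS")
    sys.exit(code)
```

Run as a pipeline step, the non-zero exit code fails the stage when a blocking control is not satisfied (here SC-28 and SC-7, while AU-12 is reported but not blocking); the per-control roll-up is the piece that would feed an SSP or dashboard, and the resource-level list is what a remediation ticket would carry. A Terraform plan in JSON form can be handled the same way by walking its resource list instead of the CloudFormation "Resources" map.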

Qualifications

Skills: Active TS/SCI with Poly, CI/CD platforms, Infrastructure as Code, NIST 800-53 compliance, Containerization platforms, Scripting languages, Security scanning tools, Git-based version control, OSCAL standards, LLM-based automation, Compliance automation tools, AWS GovCloud experience, CMMC 2.0 knowledge, DevSecOps certifications, SIEM platforms, Zero-trust architecture, Continuous monitoring

Required

Active TS/SCI with Poly
Strong experience with CI/CD platforms (Jenkins, GitLab CI, Azure DevOps, CircleCI)
Proficiency in Infrastructure as Code tools (Terraform, CloudFormation, ARM templates)
Deep understanding of NIST 800-53 Rev 5 security controls and FedRAMP compliance requirements
Experience with containerization and orchestration platforms (Docker, Kubernetes, OpenShift)
Knowledge of secure coding practices and application security testing methodologies
Proficiency in scripting languages (Python, Bash, PowerShell) for automation
Experience integrating security scanning tools into automated pipelines
Understanding of Git-based version control and branching strategies
Familiarity with OSCAL (Open Security Controls Assessment Language) standards

Preferred

Experience with LLM-based automation platforms and Retrieval-Augmented Generation (RAG) architectures
Prior implementation of compliance automation tools in federal environments
Hands-on experience with AWS GovCloud or Azure Government cloud platforms
Knowledge of CMMC 2.0 requirements and DoD Security Requirements Guide
Certifications: Certified DevSecOps Professional, AWS Security Specialty, Azure Security Engineer
Experience with SIEM platforms (Splunk, QRadar) and log aggregation
Understanding of zero-trust architecture principles
Familiarity with continuous monitoring (ConMon) requirements for federal systems

Company

BigBear.ai

BigBear.ai's mission is to deliver clarity for the world's most complex decisions.

Funding

Current Stage
Public Company
Total Funding
$225M
2023-01-17 Post-IPO Equity · $25M
2021-12-08 Post-IPO Debt · $200M
2021-12-08 IPO

Leadership Team

Sean Ricker
Chief Financial Officer
Company data provided by crunchbase