Apply on Employer Site

Pratt Miller · 2 days ago

DevSecOps Engineer-Experienced

New Hudson, MI

Full-time

Onsite

Mid, Senior Level

$79K/yr - $127K/yr

Pratt Miller, an Oshkosh Company, is a product development firm in the motorsports, defense, and mobility sectors. They are seeking a DevSecOps Engineer responsible for implementing secure development pipelines and compliant infrastructure for defense programs, ensuring adherence to cybersecurity standards and collaborating with various teams to deliver secure solutions.

AutomotiveLogistics

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Responsible for the design, implementation, and maintenance of secure DevSecOps infrastructure and delivery pipelines to support defense programs under CMMC Level 2 compliance

Implement security controls and automation within CI/CD pipelines using GitLab and related DevSecOps tooling

Ensure adherence to secure coding practices, compliance with NIST SP 800-171/172, and CMMC Level 2 cybersecurity standards across software development and infrastructure management

Collaborate with defense software and cybersecurity teams to integrate automated testing, vulnerability management, and secure deployment strategies into cloud and on-prem environments

Assist in identifying technologies and tools that enhance security posture, automation, and compliance monitoring capabilities

Maintain a customer-focused view of system security and DevSecOps process effectiveness across defense project initiatives

Participate in technical and compliance reviews with customers and stakeholders to ensure systems meet mission-critical availability, reliability, and security requirements

Research and implement new technologies, security tools, and methodologies to enhance automation, compliance, and system resilience

Stay informed on evolving DoD cybersecurity standards, cloud governance models, and zero-trust architectures to ensure continuous compliance

Work across multidisciplinary engineering and IT teams, integrating security controls within development and operational environments

Collaborate with network, software, and security engineers to ensure end-to-end protection of systems hosting Controlled Unclassified Information (CUI)

Participate in design and code reviews, infrastructure planning meetings, and post-implementation security assessments

Work effectively with remote and hybrid teams using collaboration tools such as MatterMost and GitLab

Demonstrate strong analytical thinking and problem-solving skills with the ability to address complex infrastructure and cybersecurity challenges

Leverage automation and monitoring to proactively identify and resolve performance or compliance issues within DevSecOps pipelines

Strong documentation skills for configurations, compliance evidence, and SOPs

Ability to clearly explain complex security concepts to both technical and non-technical audiences

Self-starter with a security-first mindset and the ability to manage multiple projects with minimal supervision

Collaborative and communicative, with consistent effectiveness working across disciplines

Qualification

DevSecOps principlesCI/CD pipelinesNIST complianceAWS GovCloudGitLabAutomated security testingInfrastructure-as-codeZero-trust architectureAnalytical thinkingProblem-solvingDocumentation skillsCollaboration

Required

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; advanced degree preferred

Must meet the requirements for obtaining a U.S. Government clearance; active Secret or higher clearance preferred

Experience developing and maintaining secure CI/CD pipelines using GitLab, Jenkins, or Azure DevOps

Experience implementing automated security testing tools (SAST, DAST, SCA) and vulnerability management systems

Experience with CMMC Level 2 or NIST 800-171 compliance in defense or government environments

Experience managing secure infrastructure in AWS GovCloud, Azure Government, or on-prem DoD-accredited environments

Strong documentation skills for configurations, compliance evidence, and SOPs

Ability to clearly explain complex security concepts to both technical and non-technical audiences

Self-starter with a security-first mindset and the ability to manage multiple projects with minimal supervision

Collaborative and communicative, with consistent effectiveness working across disciplines

Deep understanding of DevSecOps principles, CI/CD, and automation frameworks

Expertise in network architecture and security (TCP/IP, VLANs, VPNs, firewalls, IDS/IPS systems)

Active Directory and Group Policy administration for secure identity and access management

Experience implementing zero-trust and least-privilege access models

Knowledge of cloud security configurations, infrastructure-as-code (Terraform, Ansible), and container orchestration (Docker, Kubernetes)

Familiarity with CMMC Level 2, DFARS 252.204-7012, and DoD cybersecurity frameworks

Networking/Infrastructure/Security: TCP/IP, VLAN, VPN, DNS, zero-trust networking; firewalls; IDS/IPS; endpoint protection; Active Directory/Azure AD; log aggregation and monitoring (Prometheus, Kibana, Splunk, Jaeger)

DevSecOps / Automation Tools: GitLab, Jenkins, Azure DevOps, Nexus, Ansible, Terraform; Docker and Kubernetes; SAST/DAST/fuzz testing/SBOM tools; OpenTelemetry; Prometheus; collaboration tools including MatterMost and Jira/Atlassian

Cloud Platforms: AWS GovCloud (EC2, Lambda, Route 53, ECR, CloudTrail); Azure Government (Virtual Machines, IoT Hub, Functions, CosmosDB, Azure Security Center)