Apply on Employer Site

Northrop Grumman · 1 day ago

DevOps Engineer 4 – (26-002)

Colorado Springs, CO

Full-time

Onsite

Senior Level, Lead/Staff

$129K/yr - $194K/yr

4+ years exp

Northrop Grumman is a leading technology company that offers revolutionary systems impacting lives globally. They are seeking a Senior Principal Engineer DevOps – DevSecOps Engineer to support critical missile defense operations, focusing on infrastructure automation, security compliance, and system configuration.

AerospaceData IntegrationManufacturingRemote SensingSecurity

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Infrastructure-as-Code (IaC) Development

Design, write, and maintain IaC templates for Windows and Linux platforms using: Ansible , Packer , Python, and other scripting languages

Ensure all code is version-controlled, reviewed, and compliant with C2BMC's security standards

Fully automated Software Stack

Build and operate an end-to-end automation pipeline that provisions, hardens, and configures systems for the C2BMC program

Integrate automated testing, vulnerability scanning, and compliance verification into the stack

STIG Baseline Hardening Automation

Develop reusable Ansible playbooks and custom scripts that automatically apply the DoD STIG and baseline to C2BMC systems

Track and remediate any compliance drift on an ongoing basis

Configuration-Management Baseline

Establish a single source of truth for all configuration data (inventory, variables, and secrets) that feeds Ansible automation

Implement secure secret management ( Vault, Azure Key Vault, AWS Secrets Manager , etc.) and enforce idempotent deployments

Tooling & Technology refresh

Evaluate, prototype, and stand up new tools, containers, and services to keep C2BMC ahead of emerging technological trends

Provide documentation, training, and knowledge transfer for any new capabilities introduced to the team

Qualification

DevSecOps experienceAnsible proficiencyContainerizationScripting languagesCI/CD platformsInfrastructure-as-CodeVersion controlMonitoring & observabilityCompliance automationProblem-solving

Required

3-5 years of hands-on DevSecOps/DevOps experience in a high-security, mission-critical environment

Proven ability to write clean, maintainable code and familiarity with the software development lifecycle (SDLC)

Deep knowledge of Linux (RHEL, CentOS, Ubuntu) and/or Windows Server (2016/2019/2022) administration, including hardening and patch management

Direct experience implementing security baselines (STIG, CIS, NIST), vulnerability remediation, or hardening automation

Basic network fundamentals, including an understanding of TCP/IP, VLANs, routing, firewalls, VPNs, and basic network troubleshooting

A Bachelor's Degree in Computer Science, Systems Engineering, Software Engineering, Engineering, Mathematics, Physics, or a related field from an accredited university is preferred, along with 8 years of experience; or a Master's degree (preferred) in a related field with 6 years of relevant work experience; or PhD in a related discipline with 4 years of relevant work experience

Applicants must have a current, active DoD 8140 certification at IAT Level II or higher (such as Security+, CCNA, JNCIA, CISSP, etc.) at the time of application, which is required to start. The candidate is responsible for maintaining their DoD 8140 certification throughout the entire contract period

Applicants must have a current, active in-scope DoD-issued Secret security clearance at the time of application, which is required to start

Ansible – Advanced proficiency in playbook development, role creation, inventory management, and the Ansible Automation Platform

Containerization – Strong experience building, packaging, and deploying containerized applications (Docker, Podman) and orchestrating them with Kubernetes or OpenShift

Scripting Languages – Expert-level scripting in Python, Bash, and/or PowerShell for automation, data manipulation, and API integration

CI/CD Platforms – Hands-on with GitLab and CI/CD (Jenkins, Azure DevOps, GitHub Actions) to design pipelines that include unit tests, security scans, and automated deployments

Version Control Collaboration – Mastery of Git & workflows, pull-request reviews, branching strategies, and code-ownership practices

Infrastructure-as-Code Tools – Proficiency with Terraform/Packer for platform-agnostic resource provisioning

Monitoring & Observability – Experience configuring telemetry (Prometheus, Grafana, ELK/EFK stacks, Splunk) and alerting in automated environments

Secret & Credential Management – Familiarity with HashiCorp Vault, Azure Key Vault, AWS Secrets Manager, or equivalent

Compliance Automation – Ability to script and integrate compliance checks (OpenSCAP, InSpec, Chef InSpec) into the deployment pipeline

Problem-Solving & Incident Response – Comfortable troubleshooting complex, multi-layered failures and participating in on-call rotation for production issues