DevSecOps Engineer (26-002) jobs in United States
cer-icon
Apply on Employer Site
company-logo

SecureStrux® · 20 hours ago

DevSecOps Engineer (26-002)

positionAlabama, United States
timeFull-time
remoteOnsite
seniorityMid, Senior Level
money$120K/yr - $163K/yr
date7+ years exp

SecureStrux® is seeking a DevSecOps Engineer to support the C2BMC program. The role involves developing Infrastructure-as-Code solutions, managing automation pipelines, and ensuring compliance with security standards.

Cyber SecurityGovernmentInformation TechnologyNational SecuritySecurity
badNo H1BnoteSecurity Clearance RequirednoteU.S. Citizen Onlynote

Responsibilities

Infrastructure-as-Code (IaC) Development
Design, write, and maintain IaC templates for Windows and Linux platforms using Ansible, Packer, Python and other scripting languages
Ensure all code is version-controlled, reviewed, and compliant with C2BMC security standards
Build and operate an end-to-end automation pipeline that provisions, hardens, and configures systems for the C2BMC program
Integrate automated testing, vulnerability scanning, and compliance verification into the stack
Develop reusable Ansible playbooks and custom scripts that automatically apply the DoD STIG baseline to C2BMC systems
Track and remediate any compliance drift on an ongoing basis
Establish a single source of truth for all configuration data (inventory, variables, secrets) that feeds the Ansible automation
Implement secure secret management (Vault, Azure Key Vault, AWS Secrets Manager, etc.) and enforce idempotent deployments
Evaluate, prototype, and stand up new tools, containers, and services that keep C2BMC ahead of emerging technology trends
Provide documentation, training, and knowledge-transfer for any new capabilities introduced to the team

Qualification

Infrastructure-as-CodeAnsibleDevSecOps experienceLinux administrationScripting LanguagesCI/CD PlatformsContainerizationVersion ControlCompliance AutomationProblem-Solving

Required

Bachelor's Degree and 9+ years' experience, or a Master's Degree and 7+ years' experience
Active Secret clearance required to start
Active IAT Level II Certification (Security+ or equivalent) required
3-5 years of hands-on DevSecOps/DevOps experience in a high-security, mission-critical environment
Proven ability to write clean, maintainable code; familiarity with the software development lifecycle (SDLC)
Deep knowledge of Linux (RHEL, CentOS, Ubuntu) and/or Windows Server (2016/2019/2022) administration, including hardening and patch management
Direct experience implementing security baselines (STIG, CIS, NIST), vulnerability remediation, or hardening automation
Have basic network fundamentals, understanding of TCP/IP, VLANs, routing, firewalls, VPNs, and basic network troubleshooting
Ansible – Advanced proficiency in playbook development, role creation, inventory management, and Ansible Automation Platform
Containerization – Strong experience building, packaging, and deploying containerized applications (Docker, Podman) and orchestrating them with Kubernetes or OpenShift
Scripting Languages – Expert-level scripting in Python, Bash, and/or PowerShell for automation, data manipulation, and API integration
CI/CD Platforms – Hands-on with GitLab CI/CD (or Jenkins, Azure DevOps, GitHub Actions) to design pipelines that include unit tests, security scans, and automated deployments
Version Control & Collaboration – Mastery of Git workflows, pull-request reviews, branching strategies, and code-ownership practices
Infrastructure-as-Code Tools – Proficiency with Terraform/Packer for platformed-agnostic resource provisioning
Monitoring & Observability – Experience configuring telemetry (Prometheus, Grafana, ELK/EFK stacks, Splunk) and alerting for automated environments
Secret & Credential Management – Familiarity with HashiCorp Vault, Azure Key Vault, AWS Secrets Manager, or equivalent
Compliance Automation – Ability to script and integrate compliance checks (OpenSCAP, Inspec, Chef InSpec) into the deployment pipeline
Problem-Solving & Incident Response – Comfortable troubleshooting complex, multi-layered failures and participating in on-call rotation for production issues
The appropriate measure for this level position includes: applies extensive expertise: solves complex problems that require the regular use of ingenuity and creativity; work is performed without appreciable direction and is reviewed for desired results from a relatively long time perspective: erroneous decisions would normally result in failure to achieve major organizational objectives: may function in project leadership roles and represents the organization as prime customer contact on significant technical matters on contracts

Benefits

Comprehensive health benefits to support you and your family
Flexible time off
Continuing education allowance
A donation allowance for charitable causes
Matched 401k

Company

SecureStrux®

twittertwittertwitter
company-logo
SecureStrux® is a cybersecurity, engineering, risk, and compliance firm defending organizations that support the Department of War (DoW) and the nation’s most critical missions.
dateFounded in 2008
location
Lancaster, Pennsylvania, USA
people-size11-50 employees
web-link
https://securestrux.com/?_ga=2.136692342.798804307.1607103860-855651120.1603899486

Funding

Current Stage
Early Stage
Company data provided by crunchbase