Job Requirements
Tampa, FL
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
The Opportunity - THIS IS A CLEARED POSITION. Only candidates with ACTIVE SECRET Security Clearance with the U.S. Government will be considered.
We are seeking a DevSecOps Engineer with deep Kubernetes expertise to design, implement, and maintain secure, scalable cloud-native platforms. This role bridges development, security, and operations to embed security throughout the software delivery lifecycle while enabling high-velocity engineering teams.
Key Responsibilities (Principal Duties and Accountabilities *Essential Functions)
Platform & Infrastructure
- Design, provision, and maintain production Kubernetes clusters (RKE2 / EKS / GKE / AKS) across cloud and on-premises environments
- Manage cluster lifecycle: upgrades, node pool scaling, multi-tenancy, and namespace governance
- Implement and maintain CNI solutions (Calico, Cilium, Multus) including advanced networking topologies such as macvlan and SR-IOV
- Operate GitOps workflows (e.g., ArgoCD) for declarative, auditable cluster state management
- Develop and maintain Helm charts for platform and application services
DevSecOps & CI/CD
- Build and maintain CI/CD pipelines in GitLab CI (and/or GitHub Actions) with integrated security scanning and artifact signing
- Integrate SAST, DAST, SCA, and container image scanning (Trivy, Grype, Semgrep) into pipeline gates
- Implement supply-chain security controls: SBOM generation, cosign image signing, and Sigstore policy enforcement
- Automate OS image builds using Packer (QEMU, vSphere) targeting RHEL, AlmaLinux, Debian/Ubuntu, and Windows
- Manage secrets at scale using Vault, External Secrets Operator, or equivalent solutions
Security & Compliance
- Enforce runtime security through admission controllers (Kyverno / OPA Gatekeeper), Pod Security Standards, and network policies
- Own vulnerability management processes including scheduled scanning, triage, and remediation SLAs
- Support compliance initiatives (SOC 2, FedRAMP, NIST 800-53) by maintaining audit-ready infrastructure-as-code and evidence artifacts
- Conduct threat modeling and security architecture reviews for new platform capabilities
- Respond to and lead post-mortems for security incidents and infrastructure outages
Observability & Reliability
- Deploy and operate observability stacks: Prometheus, Grafana, Loki, and OpenTelemetry collectors
- Define and track SLOs/SLAs; build alerting and on-call runbooks to drive reliability improvements
- Implement cost observability and right-sizing workflows for cloud and on-prem workloads
Collaboration & Developer Enablement
- Partner with development teams to design deployment patterns, resource quotas, and autoscaling strategies
- Produce clear documentation, runbooks, and internal training materials for platform capabilities
- Mentor junior engineers and participate in architecture decision records (ADRs)