DevSecOps Engineer

This is a fully remote position, open to applicants in United States.

📋 Description

• Design and manage Kubernetes-based infrastructure, encompassing cluster provisioning, RBAC configuration, network policies, and workload management.

• Package and deploy applications utilizing Helm charts; oversee chart repositories and manage the release lifecycle across various environments.

• Implement and uphold policy controls with Istio service mesh, OPA Gatekeeper, Kyverno, and other related Kubernetes admission controllers.

• Construct and maintain CI/CD pipelines using tools such as GitLab CI, GitHub Actions, Jenkins, or similar; integrate automated security scans and compliance gates.

• Deploy and operate workloads on AWS GovCloud and Azure Government; design for high availability, disaster recovery, and cross-region compliance requirements.

• Manage and secure container images; integrate with Iron Bank, Platform One, and other DoD-approved registry sources.

• Configure and sustain observability stacks including Prometheus, Grafana, and Datadog; develop alert systems, dashboards, and SLO frameworks.

• Engage in ATO processes, assist with STIG/CIS compliance scanning, and contribute to System Security Plans (SSPs) and related documentation artifacts.

• Collaborate with development, security, and program teams to establish and enhance DevSecOps practices throughout the software delivery lifecycle.

• Support deployments in air-gapped and classified environments; design solutions for offline image transfers, registry mirroring, and artifact management.

• Coordinate with government platform teams and managed service providers to integrate and maintain vendor tooling within approved DoD software factories.

⛳️ Requirements

• Over 4 years of practical experience with Kubernetes in production settings.

• Proven experience in deploying and managing applications via Helm in multi-environment setups.

• Proficient knowledge of Istio, OPA Gatekeeper, Kyverno, or equivalent tools for Kubernetes policy and service mesh.

• Experience with at least one major CI/CD platform: GitLab CI, GitHub Actions, Jenkins, or similar.

• Hands-on experience with AWS and/or Azure cloud platforms, including IAM, networking, storage, and managed Kubernetes services (EKS, AKS).

• Familiarity with container image workflows: building, scanning, securing, and distributing images via OCI registries.

• Knowledge of monitoring and observability tools such as Prometheus, Grafana, and/or Datadog.

• Experience with Single Sign-On (SSO) and identity federation; familiarity with Keycloak or other OIDC/SAML providers.

• Active DoD security clearance (Secret or higher).

🏝️ Benefits

• Base Salary: $140,000 – $175,000 + Benefits + Equity: Where applicable