DevSecOps Engineer – DoD

This is a fully remote position, open to applicants in United States.

📋 Description

• Design and manage infrastructure based on Kubernetes, including tasks such as cluster provisioning, RBAC configuration, network policies, and workload management.

• Package and deploy applications utilizing Helm charts; oversee chart repositories and manage the release lifecycle across various environments.

• Implement and enforce policy controls through the Istio service mesh, OPA Gatekeeper, Kyverno, and related Kubernetes admission controllers.

• Construct and maintain CI/CD pipelines using tools like GitLab CI, GitHub Actions, Jenkins, or similar; incorporate automated security scanning and compliance gates.

• Deploy and manage workloads on AWS GovCloud and Azure Government; design for high availability, disaster recovery, and compliance across regions.

• Manage and strengthen container images; integrate with Iron Bank, Platform One, and other DoD-approved registry sources.

• Configure and sustain observability stacks, including Prometheus, Grafana, and Datadog; create alerting mechanisms, dashboards, and SLO frameworks.

• Engage in ATO processes, assist with STIG/CIS compliance scanning, and contribute to System Security Plans (SSPs) and related documentation artifacts.

• Collaborate with development, security, and program teams to establish and enhance DevSecOps practices throughout the software delivery lifecycle.

• Support deployments in air-gapped and classified environments; design solutions for offline image transfers, registry mirroring, and artifact management.

• Coordinate with government platform teams and managed service providers to integrate and maintain vendor tooling within approved DoD software factories.

⛳️ Requirements

• A minimum of 4 years of practical experience with Kubernetes in production settings.

• Proven experience in deploying and managing applications using Helm in multi-environment configurations.

• Proficient knowledge of Istio, OPA Gatekeeper, Kyverno, or similar Kubernetes policy and service mesh tools.

• Familiarity with at least one major CI/CD platform: GitLab CI, GitHub Actions, Jenkins, or a comparable tool.

• Hands-on experience with AWS and/or Azure cloud platforms, encompassing IAM, networking, storage, and managed Kubernetes services (EKS, AKS).

• Experience in container image workflows: building, scanning, hardening, and distributing images through OCI registries.

• Understanding of monitoring and observability tools such as Prometheus, Grafana, and/or Datadog.

• Background in Single Sign-On (SSO) and identity federation; familiarity with Keycloak or equivalent OIDC/SAML providers.

• Active DoD security clearance (Secret or higher).

🏝️ Benefits

• Benefits + Equity: Where applicable