Remotery

Senior DevSecOps Engineer, Government Systems Security – Compliance

Posted Jul 1

This is a fully remote position, open to applicants in California.

📋 Description

• Design and implement CI/CD security measures (SAST, dependency scanning, secrets detection, SBOM generation) within ASR’s version control environments (GitHub, GitLab, or similar).

• Create a structured artifact management system that includes semantic versioning, signed releases, and audit-traceable build provenance; oversee release pipelines across varying compliance tiers (commercial, CMMC-controlled, SIPRNet-classified).

• Take full responsibility for CMMC Level 2 compliance; develop and sustain SSP, POA&M, and ATO/IATT support documentation for government program deliveries.

• Apply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm communications protocols.

• Enforce technical controls for CUI management, export-controlled repository access, and ITAR/EAR compliance within development workflows.

• Establish threat modeling and SSDF (NIST SP 800-218) practices; ensure SBOM generation aligns with EO 14028 and DoD supply chain mandates.

• Verify that the source control organization adheres to necessary security standards: MFA implemented as needed, least-privilege access controls enforced, audit logging verified, and third-party application permissions regulated.

• Assist in corporate IT integration: synchronize ASR’s development environment with larger CMMC and CUI enclave requirements as the organization expands.


⛳️ Requirements

• Active Secret clearance or a demonstrated ability and willingness to obtain one.

• Over 5 years of experience in DevSecOps, security engineering, or information assurance, including at least 2 years in a DoD or defense contractor setting.

• Proficient understanding of CMMC 2.0 Level 2 requirements and assessment procedures.

• Hands-on experience with GitHub Actions, GitLab CI, or similar CI/CD platforms, including the ability to write custom pipeline configurations for security automation.

• Capability to read and analyze C++ and Python codebases for threat modeling, SAST triage, and vulnerability assessment.

• Awareness of the differences in OT/embedded system security compared to enterprise IT; ability to implement NIST 800-82 to firmware and autopilot-layer software.

• Familiarity with SBOM generation tools (e.g., Syft, CycloneDX, SPDX) and DoD supply chain security requirements.

• Knowledge of ITAR/EAR technical controls: CUI management, export-controlled repository access, and developer access oversight.

• Comfortable working independently with minimal supervision; capable of maintaining composure and effectiveness under operational pressure.


🏝️ Benefits

• Generous annual equity package.

• Potential bonuses.

People also viewed

Evio2 days ago

Software/DevOps Engineer

US flagColorado OnlyFull-timeDevOps & Site Reliability Engineer (SRE)$120k – $140k/year
ApplyView job
DBSync3 days ago

Forward Deployment Engineer

IN flagIndia OnlyFull-timeDevOps & Site Reliability Engineer (SRE)
ApplyView job
IRIUM3 days ago

DevOps Engineer

ES flagSpain OnlyFull-timeDevOps & Site Reliability Engineer (SRE)€35k/year
ApplyView job
Sardine4 days ago

Product Manager – SRE, Data Engineer

US flagUnited States OnlyFull-timeDevOps & Site Reliability Engineer (SRE)$200k – $220k/year
ApplyView job
IRIUM5 days ago

Ingeniero/a DevOps – GCP

ES flagSpain OnlyFull-timeDevOps & Site Reliability Engineer (SRE)€40k – €48k/year
ApplyView job
fonio.ai6 days ago

Forward Deployment Engineer, Italian, Spanish Speaking

ES flagSpain OnlyFull-timeDevOps & Site Reliability Engineer (SRE)€65k – €95k/year
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers