DevSecOps Engineer

CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage—domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators, and border protection teams to act faster, adapt rapidly, and stay ahead of evolving threats.

CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel, and Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington D.C., San Francisco, San Diego, Seattle, and London. For more information, please visit

Chaos Industries is hiring a Dev Sec Ops  Engineer to embed security into every layer of our software development and infrastructure delivery lifecycle. This is a broad, hands‑on engineering role; you will own CI/CD pipeline security, automate compliance and vulnerability checks, harden cloud and on‑premise environments, and partner with development and operations teams to make secure by default a reality, not a checkbox.

You will work across classified and unclassified environments, applying the same engineering rigor to security that our developers apply to product—fast, repeatable, and built to scale.

• Design, implement, and maintain secure CI/CD pipelines integrating automated security scanning tools (SAST, DAST, SCA, secrets detection) across development workflows using Git Hub Actions, Git Lab CI, Jenkins, or equivalent.
• Automate security and compliance controls including STIG/SRG validation, vulnerability scanning (ACAS/Nessus), and policy‑as‑code enforcement (OPA, Conftest) within pipeline and infrastructure workflows.
• Collaborate with software engineers to identify, triage, and remediate application security vulnerabilities; champion secure coding practices, threat modeling, and developer security training across engineering teams.
• Build and manage container security posture including image hardening, runtime protection, Kubernetes security configurations (RBAC, Pod Security Admission, network policies), and registry scanning.
• Design and maintain infrastructure‑as‑code (Terraform, Cloud Formation, Ansible) with integrated security controls; enforce least‑privilege, secrets management (Secrets Manager), and configuration compliance.
• Support RMF/ATO activities by automating evidence collection, generating compliance reports, and maintaining continuous monitoring artifacts for cloud and on‑premise systems operating within classified or CUI environments.
• Monitor security tooling telemetry, pipeline health dashboards, and vulnerability metrics; produce trend reports and actionable remediation backlogs for engineering and security leadership.
• Coordinate with ISSM/ISSO teams and system administrators to ensure Dev Sec Ops  practices align with authorization boundary requirements, CMMC Level 2/3 controls, and DFARS obligations.
• Evaluate and introduce new Dev Sec Ops  tooling, frameworks, and practices; build internal documentation, runbooks, and playbooks to operationalize security automation across teams.
• Travel up to 15 % CONUS to support program site integrations, government customer engagements, and security architecture reviews.

• Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical field. Equivalent experience considered.
• 4–7 years of experience in Dev Ops, software engineering, or cybersecurity, with demonstrated hands‑on experience integrating security tooling into CI/CD pipelines and cloud environments.
• Proficiency in at least one scripting or programming language (Python, Bash, Go, or equivalent) used to build automation, security tooling integrations, or infrastructure‑as‑code.
• Hands‑on experience with container technologies (Docker, Kubernetes) including security hardening, image scanning, and runtime protection in a production environment.
• Working knowledge of cloud security on AWS Gov Cloud or Azure Government including IAM, network security groups, security monitoring services, and secrets management.
• Familiarity with SAST, DAST, and SCA tooling…