Release​/Security Engineer

Job Title: Release/Security Engineer

Reference: 26-005

Job Type: Full-time

Job Status: Interviewing

Date Posted: 01-16-2026

Location: Huntsville

Duration: Permanent

Company Address: Cohesion Force, Inc.

Street: 101 Quality Circle

Suite: Suite 140

City: Huntsville, AL 35806

Website:

Cohesion Force is actively seeking candidates for a Release / Security Engineer to become part of our team in Huntsville, AL. Cohesion Force is a small software engineering company supporting high-visibility customers in the Missile Defense community. We are heavily involved in Artificial Intelligence and modern software development practices, and we are expanding our internal AI research capability to support rapid innovation and mission-focused solutions.

The position will support two critical company needs:

• Building and maintaining secuire release pipelines with cryptographic signing, provenance tracking, and software supply chain security to support DoD compliance requirements.
• Assisting with IT and CMMC-related efforts such as audit preparation, evidence gathering, and supporting internal cybersecurity readiness activitiies.

The ideal candidate will have a strong foundation in Python, Git Lab, CI/CD, Linux system administration, and container technolgies. They should also be comfortable assisting with security compliance tasks and internal process improvements. This candidate will work closely with technical leadership and will be expected to be a self-starter, attentive to details, and able to prioritize and adjust to accomplish company objectives with limited oversight.

• Build and maintain secure Gig Lab CI/CD release pipelines with multi-stage workflows.
• Implement cryptograpic signing and provenance tracking (GPG, Cosign, detached signatures).
• Generate and validate Software Bill of Materials (SBOM) for supply chain transparency.
• Manage rootless multistage container builds using Podman and OCI standards.
• Support SLSA Level 3 compliance for software artifact integrity.
• Perform vulnerability scanning and security artifact generation.
• Document release processes and security procedures.
• Support product release and transfers to target deployment environments.

• Develop suporting Python services, scripts, automation, or APIs that enable release pipelines and internal business needs.
• Support Dev Ops practices including automation, build pipelines, containerization, and deployment best practices.
• Work with the product architect to develop and maintain sandbox environments and controls for agentic applications.
• Maintain and improve CI/CD runner infrastructure and build environments.

• Support CMMC augit preparation and evidence gathering activites.
• Assist assessors during compliance reviews as needed.
• Help maintain internal systems/tools used to manage documentation, version control, and process compliance.
• Provide backup support for IT troubleshooting or internal technical needs when required.

• Bachelor’s degree in an engineering, science, cybersecurity, IT, or technology-related field degree with 1-5 years of experience, or a Master’s degree in a related field with less than 1 years of experience. (Equivalent experience will be considered.)
• Experience with Python development (scripting, automation, APIs, or tooling).
• Experience with Git Lab CI/CD pipeline development (.gitlab-ci.yml, runners, artifacts).
• Experience with Linux system administration and shell scripting.
• Experience with container technogies (Buildah, Podman, Docker, or similar).
• Experience with CI/CD pipelines and build automation.
• Interest in AI tooling and securing AI systems (experience not require, but curiosity and willingness to learn is a must).
• Basic understanding of cryptology concepts (GPC signing, certificates).
• Strong written communication skills (ability to help produce technical documentation and policy content).
• Strong interpersonal skills and ability to collaborate in a small, fast-moving team environment.
• Ability to prioritize and adjust tasks to accomplish project results within limited oversight.
• Excellent written and verbal communiation skills.
• Must be a U.S. Citizen and have the capability to obtain a Secret security clearance.

• Experience with software supply chain security practices (SLSA, Sigstore/Cosign ecosystem).
• Experience with SBOM generation tools (Cyclone
  
  DX, Syft) and vulnerability scanning (Trivy, Grype).
• Experience using Git Lab (including issue tracking, merge request workflows, and container registry).
• Familiarity with infrastructure as Code tools such as Ansible.
• Familiarity with Azure cloud services (preferred, not required).
• Experience with CMMC, NIST 800-171, or cybersecurity compliance documenation.
• Experience with RHEL or Fedora environments.

This role is a unique opportunity to join a small, highly skilled team where your contributions have immediate impact. The Release / Security…