×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Cloud Computing

DevSecOps Compliance Engineer

Job in McLean, Fairfax County, Virginia, USA
Listing for: Bigbear.ai
Full Time position
Listed on 2025-12-24
Job specializations:
  • IT/Tech
    Cybersecurity, Cloud Computing
Salary/Wage Range or Industry Benchmark: 100000 - 130000 USD Yearly USD 100000.00 130000.00 YEAR
Job Description & How to Apply Below

Overview

Big Bear.ai is seeking a Dev Sec Ops  Compliance Engineer to serve as the bridge between development operations and security compliance, responsible for implementing and maintaining an automated compliance platform within customer Dev Sec Ops  pipelines. This role ensures seamless integration of AI-driven compliance automation into existing software development life cycles while maintaining continuous compliance monitoring and documentation generation capabilities. This position will be based out of our Columbia, MD office but will support multiple customers in the Baltimore/Washington corridor and beyond.

What

you will do
  • Integrate ATO Automation platform with customer CI/CD pipelines, source control systems (Git Hub, Git Lab), and Dev Ops tool chains
  • Configure and maintain automated security control validation workflows using ATO Automation platform's real-time code analysis capabilities
  • Implement continuous compliance monitoring by connecting ATO Automation platform to cloud service provider APIs (AWS, Azure) and infrastructure-as-code repositories
  • Automate System Security Plan (SSP) generation and maintain synchronization between system configurations and compliance documentation
  • Establish security gates within CI/CD pipelines that leverage ATO Automation platform’s automated control assessment capabilities
  • Collaborate with development teams to remediate compliance gaps identified through automated scanning
  • Configure integrations with security tools including SAST/DAST solutions (Fortify, Sonar Qube), container security platforms (Aqua, Twistlock), and vulnerability scanners (Tenable, Qualys)
  • Deploy ATO Automation platform connectors to Git Lab or Git Hub Enterprise repositories to enable real-time code analysis for NIST 800-53 control validation
  • Configure automated SSP generation workflows that parse infrastructure-as-code templates (Terraform, Cloud Formation) and map security controls
  • Implement webhook integrations between ATO Automation platform and Jenkins pipelines to trigger compliance assessments on code commits
  • Create custom compliance dashboards that display real-time control implementation status across multiple frameworks (FedRAMP, CMMC, DoD SRG)
  • Develop automated remediation workflows that create JIRA tickets when ATO Automation platform detects compliance drift
What you need to have
  • Active TS/SCI with Poly
  • Strong experience with CI/CD platforms (Jenkins, Git Lab CI, Azure Dev Ops, Circle

    CI)
  • Proficiency in Infrastructure as Code tools (Terraform, Cloud Formation, ARM templates)
  • Deep understanding of NIST 800-53 Rev 5 security controls and FedRAMP compliance requirements
  • Experience with containerization and orchestration platforms (Docker, Kubernetes, Open Shift)
  • Knowledge of secure coding practices and application security testing methodologies
  • Proficiency in scripting languages (Python, Bash, Power Shell) for automation
  • Experience integrating security scanning tools into automated pipelines
  • Understanding of Git-based version control and branching strategies
  • Familiarity with OSCAL (Open Security Controls Assessment Language) standards
What we’d like you to have
  • Experience with LLM-based automation platforms and Retrieval-Augmented Generation (RAG) architectures
  • Prior implementation of compliance automation tools in federal environments
  • Hands‑on experience with AWS Gov Cloud or Azure Government cloud platforms
  • Knowledge of CMMC 2.0 requirements and DoD Security Requirements Guide
  • Certifications:

    Certified Dev Sec Ops  Professional, AWS Security Specialty, Azure Security Engineer
  • Experience with SIEM platforms (Splunk, QRadar) and log aggregation
  • Understanding of zero‑trust architecture principles
  • Familiarity with continuous monitoring (Con Mon) requirements for federal systems
About Big Bear.ai

Big Bear.ai is a leading provider of AI‑powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Big Bear.ai’s predictive analytics capabilities in highly complex, distributed, mission‑based operating environments. Headquartered in McLean, Virginia, Big Bear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit (Use the "Apply for this Job" box below). and follow Big Bear.ai

on Linked In:  and X: @Big Bearai.

Big Bear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search