DevSecOps Engineer, Security Clearance

Position: DevSecOps Engineer, Staff with Security Clearance
AMERICAN SYSTEMS is an employee-owned federal government contractor supporting national priority programs through our strategic solutions in the areas of Information Technology, Test & Evaluation, Program Mission Support, Engineering & Analysis, and Training. Responsibilities The Dev Sec Ops  Engineer will design, implement, and maintain secure, automated
software delivery pipelines in support of U.S. defense acquisition programs. This role
requires strong Linux expertise, hands-on experience with modern Dev Sec Ops  practices, and a solid understanding of DoD acquisition environments, processes, and security requirements. You will collaborate with development, security, and operations teams to ensure mission-critical systems are built, tested, and deployed securely and reliably.

Key Responsibilities
* Dev Sec Ops  & Automation
* Design, implement, and maintain CI/CD pipelines (e.g., Git Lab CI, Git Hub Actions, Jenkins, Azure Dev Ops) to automate build, test, security scanning, and deployment processes.

* Integrate security tools (SAST, DAST, SCA, container scanning, secret detection) into the pipeline and enforce "shift-left" security practices.

* Develop and maintain Infrastructure as Code (IaC) using tools such as Terraform, Ansible, Helm, or Cloud Formation.

* Implement and manage configuration management and environment provisioning for development, test, staging, and production environments.

* Linux & Platform Engineering
* Administer and harden Linux-based systems (RHEL, CentOS, Rocky, Ubuntu, or similar) in accordance with DoD security standards (e.g., STIGs, CIS Benchmarks).

* Manage system services, networking, access controls, logging, and system monitoring on Linux platforms.

* Troubleshoot performance, reliability, and security issues on Linux servers, containers, and virtual machines.

* Build and maintain containerized workloads (Docker/Podman) and orchestrated environments (Kubernetes/Open Shift or similar).

* Security & Compliance
* Implement and maintain security controls in line with DoD and federal requirements (e.g., RMF, NIST SP 800-53, NIST 800-171, CMMC).

* Support Authority to Operate (ATO) activities by producing required Dev Sec Ops  and system artifacts (e.g., pipeline documentation, security test results, configuration baselines).

* Collaborate with ISSOs, security engineers, and program managers to ensure continuous compliance and vulnerability remediation.

* Implement monitoring, alerting, and logging solutions (e.g., ELK/EFK, Splunk, Prometheus/Grafana) to support security operations and incident response.

* Defense Acquisition Support
* Work within the constraints and requirements of DoD acquisition lifecycle frameworks (e.g., DoDI 5000 series, DoD 5000.02, Adaptive Acquisition Framework).

* Align Dev Sec Ops  practices with program milestones, deliveries, and documentation expectations (e.g., CDR, TRR, test events, fielding).

* Participate in technical reviews, risk assessments, and planning sessions with program stakeholders and government customers.

* Provide technical input to acquisition artifacts such as System Engineering Plans, Test Plans, and Cybersecurity Strategies.

* Collaboration & Technical Leadership
* Partner with developers, system engineers, cybersecurity, and program management to define secure architecture patterns and deployment strategies.

* Champion Dev Sec Ops  best practices, secure coding standards, and continuous improvement across the team.

* Mentor junior engineers and contribute to internal standards, templates, and playbooks. Qualifications
* 3-5 years experience in classified or air-gapped environments and with cross-domain or
disconnected Dev Sec Ops  workflows.

* Secret Clearance REQUIRED.

* Hands-on experience with:
* DoD Enterprise Dev Sec Ops  platforms (e.g., Platform One, Iron Bank, relevant containers registries)

* Secrets management tools (e.g., Hashi Corp Vault, AWS Secrets Manager, Key Management Systems)

* Cloud platforms (AWS, Azure, GCP) and hybrid/multi-cloud environments in a government context (e.g., IL4/IL5, Gov Cloud).

* Relevant certifications, such as:
* Security+ CE, CISSP, CASP+, or other DoD 8570/8140 certifications Red Hat…