Senior DevSecOps Engineer

Location: Remote

Clearance: Active DoD Secret clearance required

Employment Type: Full-Time (W-2)

Citizenship: U.S. Citizenship required

Intelli Tech is seeking a Senior Platform / Dev Sec Ops  + Security Engineer to lead the infrastructure modernization, security hardening, authorization pathway, and production promotion of a Government‑owned digital twin application deployed in an Army cloud environment. The application is a supply chain simulation platform built on Python, FastAPI, React, and MongoDB and currently operates as a monolithic Docker deployment.

This role will help transition it into a production‑grade, containerized, split‑service architecture aligned to Army cloud platform requirements, Dev Sec Ops  delivery practices, and production promotion gates.

This is a hands‑on role on a lean, senior team. The ideal candidate will architect deployment infrastructure, build CI/CD pipelines, harden the application for production, support authorization evidence development, and help lead promotion from development through production. This individual will work directly with Army platform teams, security stakeholders, and identity management teams to ensure the application is secure, scalable, supportable, and ready for operational use.

• Transition the application from a single‑host Docker deployment to a split‑service containerized architecture using Amazon EKS, ECS, or another approved orchestration model
• Design and implement multi‑tier environment separation across development, test/staging, and production
• Package frontend, backend API, and simulation worker services as independently deployable container artifacts
• Implement infrastructure‑as‑code using Terraform, Cloud Formation, or approved equivalents for repeatable provisioning and configuration management
• Design the distributed execution model allowing simulation workers to scale independently from the API tier with bounded concurrency and isolation controls
• Configure managed platform services for persistence, caching, object storage, secrets management, and observability

• Build and maintain CI/CD pipelines using approved tool chains such as Git Lab CI, Git Hub Actions, or government‑provided platform tooling
• Integrate automated build, test, container scanning, dependency scanning, SAST, and DAST into the delivery pipeline
• Implement promotion workflows with quality and security gates for development‑to‑staging and staging‑to‑production transitions
• Generate and maintain software bill of materials (SBOM) and dependency inventories as part of the build process
• Design rollback and recovery procedures for failed deployments, including restoration of prior known‑good versions

• Harden container images and dependency baselines in alignment with STIG requirements and approved security standards
• Implement managed secrets storage, encryption in transit and at rest, least‑privilege IAM policies, and appropriate network segmentation
• Integrate vulnerability scanning into release workflows and support remediation tracking
• Support closure of security findings through remediation, compensating controls, and evidence updates
• Ensure artifact retention and traceability sufficient to support promotion approval and auditability

• Integrate the application with CAC‑enabled SSO and the identity provider required by the target environment using SAML, OIDC, or platform‑specific approaches
• Replace local account models with externalized authentication through approved identity services
• Implement role‑based access controls for analyst, administrator, and system functions
• Ensure user actions are traceable to authenticated identities

• Support the application‑specific authorization effort from evidence planning through submission and remediation
• Produce and maintain authorization artifacts such as architecture diagrams, data flows, SBOMs, scan evidence, logging and monitoring descriptions, and operational runbooks
• Align evidence to the platform’s inheritance model where applicable rather than building a…