DESCRIPTION

We’re looking for a DevSecOps Engineer to secure and optimize the entire development lifecycle from code commit to deployment, while embedding security, compliance, and automation into every step. You’ll work across engineering, IT, and compliance teams to ensure our CI/CD pipelines, infrastructure, firmware, and sensitive systems meet stringent aerospace and defense security requirements including CMMC, NIST 800-171, NIST 800-53, and ITAR.
This role blends traditional DevSecOps responsibilities with hands-on support for firmware build pipelines, Linux kernel security, and the secure provisioning of embedded systems.

MINIMUM QUALIFICATIONS

• 5+ years of experience in DevSecOps, DevOps, or infrastructure automation roles in production environments
• Demonstrated experience with GitLab CI/CD, Terraform, Python, and at least one C-family language (C, C++, Rust), or Linux systems and container orchestration (Kubernetes, Docker)
• Hands-on experience with firmware development workflows, embedded toolchains, or build environments for microcontrollers, FPGAs, or real-time OS
• Experience with Linux kernel configuration, hardening, or custom kernel module integration
• Demonstrated experience supporting or implementing CMMC, NIST 800-171, NIST 800-53, or ITAR requirements
• Experience of security controls for software supply chains, including software provenance, SBOMs, and tamper detection

PREFERRED SKILLS AND EXPERIENCE

• Ability to work hands-on and independently while collaborating across multidisciplinary teams
• Experience working in aerospace, defense, or other regulated, safety-critical environments
• Familiarity with:
• Air-gapped or enclave deployments
• GitLab Ultimate or self-hosted runner architectures
• Secure boot, UEFI, TPM, or hardware root-of-trust
• Yocto, Buildroot, or Real time and embedded Linux build systems
• Contributions to open-source security or infrastructure projects
• Clearance eligibility or active DoD security clearance

• Design, implement, and maintain secure CI/CD pipelines using GitLab and related tools for both software and infrastructure delivery
• Build and manage Infrastructure as Code (IaC) deployments using Terraform and similar tools to support compliant hybrid-cloud environments
• Integrate static code analysis, vulnerability scanning, SBOM generation, and container hardening into developer workflows
• Support secure builds, testing, and signing processes for firmware, low-level software, and embedded targets
• Work directly with engineering teams to harden Linux kernel configurations, modules, and embedded OS environments
• Secure infrastructure and applications across AWS GovCloud, on-prem, and air-gapped environments, including cross-domain data movement with audit trails
• Collaborate with infosec and compliance teams to operationalize controls from CMMC, NIST 800-171, NIST 800-53, and ITAR
• Contribute to audit prep, documentation, and artifact generation for assessments (e.g. C3PAO, DIBCAC, customer security reviews)
• Write tooling and automations in Python, Bash, Go, or C-family languages to support secure builds, deployments, and infrastructure telemetry
• Maintain secure artifact registries, firmware repositories, and access-controlled build environments
• Lead initiatives in secret management, identity-aware infrastructure, and automated policy enforcement
• Educate developers and engineers on secure coding, pipeline hygiene, and compliance-as-code principles