DevSecOps Engineer (1455)

Referral Eligible  

 

Summary: 

 As a DevSecOps Engineer, you will incorporate security mechanisms into CI/CD workflows and infrastructure automation to support secure, compliant software releases within a regulated, mission-driven setting. You will automate vulnerability scanning and compliance checks, assist development teams in addressing risks early in the lifecycle, help sustain audit/ATO preparedness, and contribute to monitoring and incident response efforts. This position requires practical technical execution, disciplined documentation practices, and the ability to clearly articulate risk to both technical and non-technical audiences.

 

 

Job Qualifications: 

Qualifications and Skills include: 

• Hands-on experience securing or operating CI/CD pipelines and modern deployment workflows.
• Demonstrated ability to automate security/ops tasks using scripting/programming (i.e., Python, Bash, etc.).
• Working knowledge of secure system design and operational security fundamentals (least privilege, secrets handling, patching, logging/monitoring, vulnerability management).
• Experience working in regulated/compliance-driven environments (e.g., audit requirements, security controls, change management).
• Strong written communication skills with proven ability to document procedures and communicate technical risk clearly.
• Embed and maintain security controls in CI/CD pipelines to support secure, repeatable software delivery.
• Software composition analysis (SCA), container/image scanning, and infrastructure/configuration security checks.
• Implement and maintain policy-as-code / security gates aligned to program requirements and risk tolerance (e.g., blocking high-severity findings where appropriate, exception handling, evidence capture).
• Support development teams with shift-left security: triage findings, validate risk, recommend remediation, and verify fixes.
• Maintain and improve Infrastructure-as-Code (IaC) and deployment automation to reduce drift and improve standardization.
• Support baseline configuration management/enforcement and hardened builds (including DISA STIG-aligned configurations where required).
• Enable and improve centralized logging and monitoring to support security operations, detection, auditing, and troubleshooting.
• Ensure solutions meet government and organizational security requirements, supporting RMF/ATO activities, security documentation, and evidence collection.
• Participate in incident response, including investigation support, containment assistance, and root-cause analysis with corrective/preventive actions.
• Create and maintain technical documentation (runbooks, control implementation notes, pipeline security procedures, operational guides, and audit evidence).

 

Preferred Qualifications: 

• Ops certifications (e.g., RHCSA, or similar).
• Familiarity with government security frameworks such as NIST (e.g., NIST SP 800-53 concepts) and the RMF/ATO lifecycle (implementing controls, collecting evidence, supporting assessments).
• Experience implementing or validating DISA STIG-aligned configurations and control evidence.
• Experience with centralized baseline configuration management/enforcement (e.g., Ansible, Puppet, Chef, Salt; compliance tooling such as OpenSCAP and/or similar approaches).
• Experience with centralized logging platforms (e.g., Splunk, ELK/OpenSearch, Loki, Sentinel) and building actionable security/ops dashboards.
• Experience with SNMP monitoring (e.g., Zabbix, LibreNMS, SolarWinds, Prometheus SNMP exporter) and alert tuning.
• Container and orchestration experience: Kubernetes and container tooling such as Docker and/or Podman (secure build patterns, image provenance/scanning, runtime hardening).
• Experience in on-premises and hybrid environments, including segmented networks and restricted connectivity patterns.
• Working familiarity with Red Hat Enterprise Linux (RHEL) or RHEL-compatible systems.
• Ability to work within controlled environments and comply with program security policies and handling procedures.
• Programming experience and knowledge of Python and Java.

 

 

Education/Experience include: 

DoD 8570 IAT Level II certification (e.g., CompTIA Security+, SSCP, or equivalent).

Bachelor’s degree (or comparable professional experience)

3–6 years of experience in DevOps, DevSecOps, Security Engineering, Systems Engineering, Platform Engineering, or related disciplines.

 

 

Working Conditions: 

Prolonged periods sitting at a desk and working on a computer.  

 

Position Type/Expected Hours of Work: 

Full time position 

 

Travel: Less than 5%

 

Clearance Type: 

Requires a current TS/SCI. Employment is contingent on having or obtaining the required active security clearance or successfully passing the required background check, as well as other factors, including, but not limited to, drug screens. 

 

AAP/EEO Statement: 

Equal Opportunity Employer – M/F/Disabled/Veteran 

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. 

 

Zapata Technology, Inc. provides reasonable accommodation to applicants who are veterans or who have disabilities and are unable to fully use our company application system. If you need a reasonable accommodation for any part of the application and hiring process, please notify Christina Hall, EEO Coordinator at ChristinaHall@ZapataTechnology.com