DevSecOps

Overview

Zapata Technology

Referral Eligible

As a Dev Sec Ops  Engineer, you will incorporate security mechanisms into CI/CD workflows and infrastructure automation to support secure, compliant software releases within a regulated, mission-driven setting. You will automate vulnerability scanning and compliance checks, assist development teams in addressing risks early in the lifecycle, help sustain audit/ATO preparedness, and contribute to monitoring and incident response efforts. This position requires practical technical execution, disciplined documentation practices, and the ability to clearly articulate risk to both technical and non-technical audiences.

• Hands‑on experience securing or operating CI/CD pipelines and modern deployment workflows.
• Demonstrated ability to automate security/ops tasks using scripting/programming (i.e., Python, Bash, etc.).
• Working knowledge of secure system design and operational security fundamentals (least privilege, secrets handling, patching, logging/monitoring, vulnerability management).
• Experience working in regulated/compliance‑driven environments (e.g., audit requirements, security controls, change management).
• Strong written communication skills with proven ability to document procedures and communicate technical risk clearly.
• Embed and maintain security controls in CI/CD pipelines to support secure, repeatable software delivery.
• Software composition analysis (SCA), container/image scanning, and infrastructure/configuration security checks.
• Implement and maintain policy‑as‑code / security gates aligned to program requirements and risk tolerance (e.g., blocking high‑severity findings where appropriate, exception handling, evidence capture).
• Support development teams with shift‑left security: triage findings, validate risk, recommend remediation, and verify fixes.
• Maintain and improve Infrastructure‑as‑Code (IaC) and deployment automation to reduce drift and improve standardization.
• Support baseline configuration management/enforcement and hardened builds (including DISA STIG‑aligned configurations where required).
• Enable and improve centralized logging and monitoring to support security operations, detection, auditing, and troubleshooting.
• Ensure solutions meet government and organizational security requirements, supporting RMF/ATO activities, security documentation, and evidence collection.
• Participate in incident response, including investigation support, containment assistance, and root‑cause analysis with corrective/preventive actions.
• Create and maintain technical documentation (runbooks, control implementation notes, pipeline security procedures, operational guides, and audit evidence).

• Ops certifications (e.g., RHCSA, or similar).
• Familiarity with government security frameworks such as NIST (e.g., NIST SP 800‑53 concepts) and the RMF/ATO lifecycle (implementing controls, collecting evidence, supporting assessments).
• Experience implementing or validating DISA STIG‑aligned configurations and control evidence.
• Experience with centralized baseline configuration management/enforcement (e.g., Ansible, Puppet, Chef, Salt; compliance tooling such as OpenSCAP and/or similar approaches).
• Experience with centralized logging platforms (e.g., Splunk, ELK/Open Search, Loki, Sentinel) and building actionable security/ops dashboards.
• Experience with SNMP monitoring (e.g., Zabbix, Libre
  
  NMS, Solar Winds, Prometheus SNMP exporter) and alert tuning.
• Container and orchestration experience:
  Kubernetes and container tooling such as Docker and/or Podman (secure build patterns, image provenance/scanning, runtime hardening).
• Experience in on‑premises and hybrid environments, including segmented networks and restricted connectivity patterns.
• Working familiarity with Red Hat Enterprise Linux (RHEL) or RHEL‑compatible systems.
• Ability to work within controlled environments and comply with program security policies and handling procedures.
• Programming experience and knowledge of Python and Java.

• DoD 8570 IAT Level II certification (e.g., CompTIA Security+, SSCP, or equivalent).
• Bachelor’s degree (or comparable professional experience).
• 3–…