Role overview

DevOps Engineer (Secret Clearance)

Requirements and responsibilities

Readable role content extracted into sections for faster review.

Details

  • Security Integration – Implement andmaintainsecurity controls throughout the development pipeline, ensuring security is embedded in every phase of the software development lifecycle.
  • Compliance Management – Collaborate with Information System Security Officers (ISSOs) to review Security Technical Implementation Guides (STIGs) and support Authority to Operate (ATO) processes, ensuring compliance with security standards and regulatory requirements.
  • CI/CD Pipeline Security – Design, implement, andmaintainsecure CI/CD pipelines with automated security testing, vulnerability scanning, and compliance checks integrated into deployment workflows.
  • Scrum Process Participation – Activelyparticipatein Scrum ceremonies, including sprint planning, daily standups, sprint reviews, and retrospectives, whileprovidingsecurity guidance and effort estimates for security-related tasks.
  • Vulnerability Management – Conduct regular security assessments, vulnerability scans, and penetration testing, while coordinating remediation efforts with development teams.
  • Infrastructure as Code (IaC) – Develop andmaintainsecure infrastructure configurations using Infrastructure as Code principles with automated security policy enforcement.
  • Security Monitoring – Implement and manage security monitoring tools, logging systems, and incident response procedures to detect and respond to security threats in real time.
  • Risk Assessment – Perform security risk assessments, threat modeling, and security architecture reviews toidentifyand mitigate potential vulnerabilities.
  • Documentation and Training – Create security documentation, procedures, and training materials whilemaintainingcompliance artifacts for audit purposes.
  • Required: 4 years of experience +Bachelor’sdegree, or 8 years of experience
  • Preferred: DoD Secret clearance or equivalent
  • IAT Level II certificationrequired (e.g., Security+ CE, CCNA-Security, GSEC, GICSP, SSCP,CySA+, or other DoD 8570.01-M / DoD 8140 approved certifications at IAT Level II)
  • AWS -Experience specifically with AWS CDK and processes (preferred)
  • DevSecOpsExpertise — Strong experience inDevSecOpspractices, security automation, and secure software development within enterprise environments.
  • Scrum Methodology — Deep understanding of Scrum principles and Agile development practices, including integrating security requirements into sprint planning and user story development.
  • Security Standards Knowledge — Extensive knowledge of STIGs, NIST frameworks, ATO processes, and federal security compliance requirements, with experience working alongside ISSOs and security teams. Hands-on experience with ATO and STIG maintenance and renewal is preferred.
  • CI/CD and Automation — Proficiency with CI/CD tools, with GitLab CI preferred, as well as containerization technologies including Docker and Kubernetes, and automation platforms such as Terraform, Ansible, and CloudFormation.
  • Cloud Security — Experience with cloud security platforms and cloud-native security tools, with AWS Security Hub preferred. Familiarity with multi-cloud security strategies andadditionalplatforms (Azure Security Center, Google Cloud Security) is a plus.
  • Programming and Scripting — Proficiency in scripting languages, JavaScript (is preferred), Bash, and PowerShell, with experience using security testing frameworks and static/dynamic analysis tools.
  • Security Tools — Experience with vulnerability scanners (Nessus, OpenVAS), SAST/DAST tools, container security scanning solutions, and security orchestration platforms.
  • Communication and Collaboration — Excellent communication skills with the ability to work effectively across cross-functional Scrum teams, security officers, compliance teams, and stakeholders in fast-paced development environments.
Similar roles

Keep a backup shortlist.

Browse stack
FocusDevSecOps EngineerRole area
Seniority signalMiddleCandidate level
StackAWS, Azure, CI/CDPrimary skills
Location1 accepted countryEligibility

Stack

Use these tags to compare similar remote roles.

Location eligibility

Candidates should apply only when their profile country is listed here.

Your profileCountry not setSign in to check your country against this role.

Hiring flow

WithMira shows the role, then sends candidates to the company application.

1Check role fit, stack, and location eligibility in WithMira.
2Open the company application page from the tracked apply link.
3Save the role or subscribe for similar opportunities before leaving.