<p>Overview</p> <p>AMERICAN SYSTEMS is an employee-owned federal government contractor supporting national priority programs through our strategic solutions in the areas of Information Technology, Test & Evaluation, Program Mission Support, Engineering & Analysis, and Training.</p> <p>The DevSecOps Engineer will design, implement, and maintain secure, automated</p> <p>software delivery pipelines in support of U.S. defense acquisition programs. This role</p> <p>requires strong Linux expertise, hands-on experience with modern DevSecOps practices, and a solid understanding of DoD acquisition environments, processes, and security requirements. You will collaborate with development, security, and operations teams to ensure mission-critical systems are built, tested, and deployed securely and reliably.</p> <p>Key Responsibilities</p> <ul> <li> <p>DevSecOps & Automation</p> </li><li> <p>Design, implement, and maintain CI/CD pipelines (e.g., GitLab CI, GitHub Actions, Jenkins, Azure DevOps) to automate build, test, security scanning, and deployment processes.</p> </li><li> <p>Integrate security tools (SAST, DAST, SCA, container scanning, secret detection) into the pipeline and enforce "shift-left" security practices.</p> </li><li> <p>Develop and maintain Infrastructure as Code (IaC) using tools such as Terraform, Ansible, Helm, or CloudFormation.</p> </li><li> <p>Implement and manage configuration management and environment provisioning for development, test, staging, and production environments.</p> </li><li> <p>Linux & Platform Engineering</p> </li><li> <p>Administer and harden Linux-based systems (RHEL, CentOS, Rocky, Ubuntu, or similar) in accordance with DoD security standards (e.g., STIGs, CIS Benchmarks).</p> </li><li> <p>Manage system services, networking, access controls, logging, and system monitoring on Linux platforms.</p> </li><li> <p>Troubleshoot performance, reliability, and security issues on Linux servers, containers, and virtual machines.</p> </li><li> <p>Build and maintain containerized workloads (Docker/Podman) and orchestrated environments (Kubernetes/OpenShift or similar).</p> </li><li> <p>Security & Compliance</p> </li><li> <p>Implement and maintain security controls in line with DoD and federal requirements (e.g., RMF, NIST SP 800-53, NIST 800-171, CMMC).</p> </li><li> <p>Support Authority to Operate (ATO) activities by producing required DevSecOps and system artifacts (e.g., pipeline documentation, security test results, configuration baselines).</p> </li><li> <p>Collaborate with ISSOs, security engineers, and program managers to ensure continuous compliance and vulnerability remediation.</p> </li><li> <p>Implement monitoring, alerting, and logging solutions (e.g., ELK/EFK, Splunk, Prometheus/Grafana) to support security operations and incident response.</p> </li><li> <p>Defense Acquisition Support</p> </li><li> <p>Work within the constraints and requirements of DoD acquisition lifecycle frameworks (e.g., DoDI 5000 series, DoD 5000.02, Adaptive Acquisition Framework).</p> </li><li> <p>Align DevSecOps practices with program milestones, deliveries, and documentation expectations (e.g., CDR, TRR, test events, fielding).</p> </li><li> <p>Participate in technical reviews, risk assessments, and planning sessions with program stakeholders and government customers.</p> </li><li> <p>Provide technical input to acquisition artifacts such as System Engineering Plans, Test Plans, and Cybersecurity Strategies.</p> </li><li> <p>Collaboration & Technical Leadership</p> </li><li> <p>Partner with developers, system engineers, cybersecurity, and program management to define secure architecture patterns and deployment strategies.</p> </li><li> <p>Champion DevSecOps best practices, secure coding standards, and continuous improvement across the team.</p> </li><li> <p>Mentor junior engineers and contribute to internal standards, templates, and playbooks.</p> </li></ul> <p>What's in it for you:</p> <ul> <li>3-5 years experience in classified or air-gapped environments and with cross-domain or </li></ul> <p>disconnected DevSecOps workflows.</p> <ul> <li> <p>Secret Clearance REQUIRED.</p> </li><li> <p>Hands-on experience with:</p> </li><li> <p>DoD Enterprise DevSecOps platforms (e.g., Platform One, Iron Bank, relevant containers registries)</p> </li><li> <p>Secrets management tools (e.g., HashiCorp Vault, AWS Secrets Manager, Key Management Systems)</p> </li><li> <p>Cloud platforms (AWS, Azure, GCP) and hybrid/multi-cloud environments in a government context (e.g., IL4/IL5, GovCloud).</p> </li><li> <p>Relevant certifications, such as:</p> </li><li> <p>Security+ CE, CISSP, CASP+, or other DoD 8570/8140 certifications Red Hat (RHCSA/RHCE), Linux Foundation (CKA/CKAD), or similar DevOps/Cloud certifications (e.g., AWS/Azure DevOps Engineer, CNCF).</p> </li><li> <p>Experience with Agile/Scrum or SAFe in defense programs.</p> </li><li> <p>Strong written and verbal communication skills, including the ability to document architectures, pipelines, and security controls clearly for technical and non-technical stakeholders.</p> </li><li> <p>Ability to work collaboratively in a multi-disciplinary, multi-contractor environment.</p> </li><li> <p>Demonstrated problem-solving skills and ownership mindset in highly regulated,</p> </li></ul> <p>mission-critical contexts.</p>