
DevSecOps Engineer - Malibu, CA - TS/SCI required
Information Technology

SOC LLC
United States, California, Malibu
Aug 14, 2025
DevSecOps Engineer needed for a contract-to-hire opportunity with SOC's client to work onsite in Malibu, CA.

*Active TS/SCI is required for the role*


RESPONSIBILITIES:

  • Design, implement, and maintain advanced cybersecurity controls and solutions directly within DevSecOps pipelines and associated toolchains (e.g., GitLab, Artifactory, Ansible, SonarQube)
  • Configure, integrate, and optimize security tools such as GitLab's SAST/DAST, Artifactory X-Ray, Tenable, Cortex XSIAM, and SonarQube to automate vulnerability detection, code quality analysis, and artifact security
  • Translate complex security requirements, including those derived from Risk Management Framework (RMF) and Information Assurance (IA) policies, into actionable technical designs and implementation strategies for software systems
  • Provide expert-level technical guidance and hands-on assistance to DevSecOps engineers and software developers on secure coding practices, vulnerability remediation, threat modeling, and building security into CI/CD workflows
  • Develop and implement automated security testing procedures (e.g., unit tests, integration tests, fuzzing, penetration testing) to ensure continuous security validation
  • Conduct technical deep dives into software architectures and development practices to identify security weaknesses and propose effective mitigation strategies across multi-classification networks
  • Collaborate with ISSOs to ensure technical security implementations align with overall security policy, accreditation requirements, and compliance standards
  • Manage security configurations of development, test, and production environments, ensuring adherence to baselines and addressing configuration drift
  • Research, evaluate, and recommend new security technologies, tools, and best practices to enhance the security posture of our DevSecOps ecosystem
  • Develop custom security scripts, automation, and integrations to streamline security processes and improve operational efficiency
  • Participate in incident response activities related to software vulnerabilities and security breaches within the development and deployment pipelines
  • Document technical security implementations, architectural designs, and standard operating procedures for secure DevSecOps practices

REQUIRED QUALIFICATIONS:

  • Active Top Secret (TS/SCI) security clearance
  • Minimum of 7 years of experience in a highly technical cybersecurity role, such as Security Engineer, DevSecOps Engineer, or Software Security Engineer
  • Minimum of 3 years of hands-on, in-depth experience securing DevSecOps pipelines and integrating security tools
  • Demonstrable expertise with GitLab, including extensive experience configuring and utilizing its SAST and DAST capabilities
  • Proven experience with Artifactory, specifically leveraging Artifactory X-Ray for software composition analysis (SCA) and vulnerability management
  • Deep technical knowledge and hands-on experience with SonarQube for static code analysis and code quality gates
  • Expertise in implementing and enforcing the Secure Software Development Framework (SSDF) and secure SDLC principles
  • Strong understanding of secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and remediation techniques
  • Proficiency in scripting and automation using languages such as Python, Bash, PowerShell, or similar
  • Experience securing systems operating on multiple government networks with varying classification levels and understanding of data diode security implications
  • Comprehensive technical understanding of the Risk Management Framework (RMF) and Information Assurance (IA) principles as they apply to system implementation and security control mapping
  • Familiarity with containerization technologies (e.g., Docker, Kubernetes) and their security best practices
  • Excellent problem-solving skills, with the ability to diagnose and resolve complex technical security issues
  • Strong collaboration and communication skills, capable of working effectively with development, operations, and security teams

PREFERRED QUALIFICATIONS:

  • A current Top Secret/SCI security clearance
  • Experience with other security testing tools (e.g., dynamic application security testing (DAST) tools, penetration testing tools, fuzzing tools)
  • Background in software development or system administration is a plus, providing a stronger foundation for DevSecOps integration
  • Experience with Infrastructure as Code (IaC) and its security implications
  • Knowledge of supply chain security best practices for software

EDUCATION:

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical discipline. (Relevant experience and certifications may be considered in lieu of a degree for exceptionally qualified candidates.)
  • DoD 8570.01-M IAT Level II (or higher) certification (e.g., CompTIA Security+, CySA+, GICSP, GSEC, CISSP)
  • Relevant technical security certifications such as CSSLP, GCSA, GWAPT, OSCP, or equivalent


Employment Prerequisites

The following requirements must be met to be eligible for this position: successful completion of a background investigation and drug urinalysis.

SOC, a Day & Zimmermann company, is an Equal Opportunity Employer, EOE AA M/F/Vet/Disability.

Note: Any pay ranges displayed are estimations, which may have been provided by job boards. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.

Estimated Min Rate: $49.00

Estimated Max Rate: $70.00