Talent.com
Esta oferta de trabajo no está disponible en tu país.
DevOps Engineer

DevOps Engineer

Cypress HCMLima Metropolitana, Lima, Peru
Hace 9 días
Descripción del trabajo

This is an exciting opportunity to join a fast-growing startup in the aerospace / defense industry as their first DevSecOps Engineer. This position will be at the forefront of building out a specialized DevSecOps function to drive a secure, automated software factory supporting products from firmware and FPGA to Android apps, desktop GUIs, and cloud-native microservices. In this role, you will design, build, and harden an end-to-end pipeline that meets DoD continuous Authorization-to-Operate (cATO) requirements across continuous monitoring, active cyber defense, and software supply chain security.

This is a high-ownership, deeply technical, on-site role based in San Diego. The selected individual will be a key contributor from day one, with opportunities to mentor teammates, shape platform strategy, and embed DevSecOps best practices company wide. Ideal candidates will possess the ability to see across systems (firmware, cloud, mobile, etc.) and know how to secure them holistically.

Responsibilities :

  • Develop, implement, and maintain trade policies, standards, and procedures to ensure compliance with Department of State, Department of Commerce, and Department of Treasury regulations.
  • Architects and owns the end-to-end design and implementation of a secure, cATO-compliant DevSecOps pipeline. This includes strategically selecting tooling (e.g., Platform One / Big Bang), defining efficient workflows, and ensuring robust support for diverse deployment targets like cloud, embedded systems, mobile, and desktop applications.
  • Develops and automates critical security controls across all three cATO pillars, establishing continuous monitoring dashboards, implementing active cyber-defense sensors, and generating secure supply chain attestations.
  • Builds and maintains advanced multi-stage CI / CD pipelines utilizing platforms such as GitHub Actions, GitLab CI, or Azure DevOps. These pipelines facilitate cross-compilation of C / C++ and Rust for ARM, development of Android and Windows applications, and the creation of Iron Bank-ready OCI containers.
  • Implements and manages Infrastructure-as-Code and Compliance-as-Code solutions using tools like Terraform, Bicep, and Ansible. This also involves integrating policy-as-code guardrails (OPA, Conftest, Checkov) and automating STIG baseline generation through OpenSCAP.
  • Ensures the security of artifacts and identities throughout the development lifecycle. This involves leveraging technologies such as Entra ID, Key Vault, mTLS, SPIFFE / SPIRE, and Sigstore for cryptographic signing of binaries, containers, and firmware.
  • Integrates robust supply chain security measures, including in-toto attestations, comprehensive CycloneDX SBOMs, SLSA Level 3+ provenance, and artifact quarantines to mitigate supply chain risks.
  • Deploys and manages active cyber defense controls, incorporating runtime agents (Falco, Sysdig), establishing zero-trust network segmentation, and configuring automated rollback mechanisms triggered by identified security events.
  • Works closely and collaboratively with the Information System Security Officer (ISSO) to ensure all pipeline controls, documentation, and automation continuously align with evolving compliance and accreditation needs.
  • Automates the generation of ATO evidence, producing essential OSCAL artifacts, System Security Plans (SSPs), and Plans of Action & Milestones (POA&Ms) with seamless integration into eMASS or Xacta.
  • Implements and maintains full-stack observability, leveraging tools like OpenTelemetry, Prometheus, ELK / Splunk, and configuring SLO-driven alerting to ensure proactive monitoring and rapid response.
  • Provides guidance and mentorship to development teams on adopting secure-by-default practices, effective incident response procedures, and robust threat modeling. This role also fosters a culture of blameless postmortems and continuous improvement.

Requirements and Desired Experience :

  • Bachelor’s degree in Computer Science, Cybersecurity, or related field preferred
  • 7+ years in a DevOps, SRE or security automation role
  • 3+ years supporting regulated U.S. Government environments
  • Must possess proven experience building or operating a pipeline that achieved ATO, FedRAMP, DoD RMF, or cATO
  • Expertise of at least one major CI platform and IaC toolset (e.g., GitHub Actions, GitLab CI, Azure DevOps + Terraform, Bicep, CloudFormation, or Ansible)
  • Experience hardening containers and Kubernetes (e.g., AKS, EKS, RKE2), including SCAP / Inspec scanning, signing, and admission control
  • Strong scripting or automation skills (Python, Bash, Go, or Rust)
  • Familiar with NIST 800-53 Rev 5, DISA STIGs, OWASP SAMM, and SLSA; comfortable writing CCIs and inheriting controls
  • Contributions to DoD DevSecOps programs like Platform One or Iron Bank preferred
  • Experience automating RMF documentation using OSCAL and integrating with eMASS preferred
  • Implementation of in-toto attestations and SLSA Level 4 integrity for firmware / software artifacts is a plus
  • Integration of active cyber sensors (e.g., CrowdStrike, Microsoft Defender for IoT) and SOAR-based response is a plus
  • Experience containerizing FPGA build flows (Vivado, Quartus) with reproducible, signed bitstreams is a plus
  • Knowledge of memory safety tooling (CodeQL, Semgrep) and fuzzing frameworks (AFL++, libFuzzer) is a plus
  • Public speaking, research, or open-source contributions in DevSecOps, software supply chain security, or cATO topics preferred
  • Prior experience supporting classified or air-gapped IL4+ environments is a plus
  • Hands-on security certifications (e.g., CISSP, OSCP, GIAC-DSA) preferred
  • Must be a U.S. Person due to the nature of work & required access to U.S. export-controlled information
  • Must be able to obtain and maintain a U.S. Government security clearance

    • Compensation (DOE) : $140k - $170k annual base salary

    Seniority level

    Seniority level

    Mid-Senior level

    Employment type

    Employment type

    Full-time

    Job function

    Job function

    Engineering and Information Technology

    Industries

    Defense and Space Manufacturing, Robotics Engineering, and Software Development

    Referrals increase your chances of interviewing at Cypress HCM by 2x

    Get notified about new DevOps Engineer jobs in San Diego Metropolitan Area .

    Del Mar, CA

    95,000.00

    105,000.00

    2 weeks ago

    San Diego, CA

    140,000.00

    170,000.00

    7 hours ago

    San Diego, CA

    96,550.00

    138,061.00

    13 hours ago

    Staff DevOps. Env.& CI Infrastructure Software Engineer, AISW Group

    DevOps Support Engineer for MUNIs business

    Site Reliability Engineer (Temp to Perm)

    Carlsbad, CA $135,000 - $176,000 1 week ago

    We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

    J-18808-Ljbffr

    Crear una alerta de empleo para esta búsqueda

    Engineer • Lima Metropolitana, Lima, Peru