Senior DevSecOps Engineer
San Diego, CA
Full Time · Senior-level / Expert · Clearance required · USD 145K - 175K
Firestorm
Democratizing deterrence through the use of radically affordable, mission-adaptable unmanned aerial systems (UAS) and answering the call for future-proofed systems with open system architectures.
- Own the architecture for a secure, cATO-compliant DevSecOps pipeline: selecting tooling (e.g., Platform One / Big Bang), defining workflows, and building support for diverse targets (cloud, embedded, mobile, desktop).
- Automate controls across the three cATO pillars: continuous monitoring (RMF control-status dashboards), active cyber defense (sensors and real-time response), and an approved DevSecOps reference design backed by secure software supply chain attestations.
- Stand up multi-stage pipelines using GitHub Actions, GitLab CI, or Azure DevOps to cross-compile C/C++ and Rust for ARM, build Android and Windows apps, and produce Iron Bank-ready OCI containers.
- Implement Infrastructure- and Compliance-as-Code (Terraform, Bicep, Ansible) with policy-as-code guardrails (OPA, Conftest, Checkov) and STIG baseline generation via OpenSCAP.
- Secure artifacts and identities using Entra ID, Key Vault, mTLS, SPIFFE/SPIRE, and Sigstore for cryptographic signing of binaries, containers, and firmware.
- Embed supply chain security via in-toto attestations, CycloneDX SBOMs, SLSA Level 3+ provenance, and artifact quarantines.
- Deploy active cyber defense controls including runtime agents (Falco, Sysdig), zero-trust segmentation, and automated rollback triggered by security events.
- Work closely with our Information System Security Officer (ISSO) to align pipeline controls, documentation, and automation with evolving compliance and accreditation needs.
- Automate ATO evidence generation—producing OSCAL artifacts, SSPs, and POA&Ms integrated with eMASS or Xacta.
- Instrument full-stack observability using OpenTelemetry, Prometheus, ELK/Splunk, and SLO-driven alerting.
- Guide developers on secure-by-default practices, incident response, and threat modeling; build a culture of blameless postmortems and continuous improvement.
- Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- 7+ years in a DevOps, SRE, or security automation role, with 3+ years supporting regulated U.S. Government environments
- Demonstrated success building or operating a pipeline that achieved ATO, FedRAMP, DoD RMF, or cATO
- Deep expertise with at least one major CI platform (GitHub Actions, GitLab CI, or Azure DevOps) and one IaC toolset (Terraform, Bicep, CloudFormation, or Ansible)
- Experience hardening containers and Kubernetes (e.g., AKS, EKS, RKE2), including SCAP/InSpec scanning, image signing, and admission control
- Strong scripting or automation skills (Python, Bash, Go, or Rust)
- Familiarity with NIST SP 800-53 Rev 5, DISA STIGs, OWASP SAMM, and SLSA; comfortable mapping control implementations to CCIs and documenting inherited controls
- Experience securing heterogeneous build targets: embedded Linux (Yocto/Buildroot), Android, Windows code-signing, and macOS notarization
- U.S. citizenship required with the ability to obtain and maintain a U.S. Government security clearance
- Contributions to DoD DevSecOps programs like Platform One or Iron Bank
- Experience automating RMF documentation using OSCAL and integrating with eMASS
- Implementation of in-toto attestations and the highest SLSA level (Level 4 under SLSA v0.1, Build L3 under SLSA v1.0) for firmware/software artifacts
- Experience containerizing FPGA build flows (Vivado, Quartus) with reproducible, signed bitstreams
- Knowledge of static analysis tooling (CodeQL, Semgrep) and fuzzing frameworks (AFL++, libFuzzer) for finding memory-safety bugs
- Integration of active cyber sensors (e.g., CrowdStrike, Microsoft Defender for IoT) and SOAR-based response
- Public speaking, research, or open-source contributions in DevSecOps, software supply chain security, or cATO topics
- Prior experience supporting classified or air-gapped IL4+ environments
- Hands-on security certifications (e.g., CISSP, OSCP, GIAC-DSA)
Benefits & Perks
Our culture fosters collaboration, respect, and trust, empowering passionate people to do their best work. We offer a competitive salary, comprehensive benefits, and opportunities for career growth. In addition to an opportunity to take part in an innovative, collaborative and fast-growing business with a highly motivated and skilled team, we also take pride in taking care of our employees. Here are just a few ways that we show our appreciation:
- We offer comprehensive medical, dental, and vision plans
- 401(k) Retirement Savings Plan to invest in your long-term retirement goals
- Unlimited PTO
- Generous Parental Leave
- FSA
- HSA
- Hospital Indemnity insurance
- Critical Illness insurance
- Accident insurance
- Basic Life/AD&D, short-term and long-term disability insurance, 100% covered by Firestorm. Plus, the option to purchase additional life insurance for you and your family.
- Mental Health Resources: We provide free mental health resources 24/7 including therapy and more. Additional work-life services, such as free legal and financial support, are available to you as well.
ITAR Compliance
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or otherwise eligible to obtain the required authorizations from the U.S. Department of State.
Equal Opportunity Statement
Firestorm is an equal opportunity employer, committed to creating a diverse and inclusive workplace, and upholding equitable hiring practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic under federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws, including the CA Fair Chance Initiative for Hiring Ordinance. We actively encourage members of recognized minorities, women, Veterans, and those with disabilities to apply, and we work to create a welcoming and supportive environment for all applicants throughout the interview process. Firestorm is committed to fostering an inclusive and accessible work environment. If you require accommodations or assistance during the application process, please don't hesitate to reach out to us at careers@launchfirestorm.com so we can provide the support you need.