Principal DevSecOps Engineer (Security Automation & ATO Lead) na Open Positions

Zaden Technologies is seeking a Principal DevSecOps Engineer to lead security and accreditation activities for our defense programs. This role focuses on automation-driven security controls, RMF/ATO ownership, and DevSecOps compliance aligned with DoD DevSecOps Reference Design and Cloud SRG requirements. The ideal candidate will drive security automation across container pipelines, lead Authority to Operate processes, and ensure compliance with DoD security standards in support of critical defense systems.

Role Responsibilities:

• Lead Risk Management Framework (RMF) and Authority to Operate (ATO) activities, including POA&Ms, security control tailoring, and evidence package development
• Automate container and pipeline hardening using Iron Bank, STIG/CIS baselines, SBOM generation, and image signing
• Define and enforce CUI/NIST 800-171 safeguards across build and runtime environments
• Implement policy-as-code frameworks (OPA/Gatekeeper) and integrate security scanning into CI/CD pipelines
• Partner with prime contractor and government stakeholders to meet Cloud SRG IL4/IL5 requirements
• Troubleshoot complex security and infrastructure issues across multi-cloud environments
• Develop and maintain security automation scripts and tooling to reduce manual effort
• Provide technical leadership and mentorship to junior team members on security best practices

Required Qualifications:

• U.S. Citizenship and ability to obtain a security clearance
• 8+ years of experience in cybersecurity or DevSecOps roles, preferably in DoD environments
• Proven experience leading RMF/ATO activities for Secret or TS systems at IL4 or higher
• Deep expertise in container security including Kubernetes, Helm, image scanning/signing, and SBOM generation
• Experience with Risk Management Framework (RMF) and NIST 800-171 requirements
• Strong troubleshooting and problem-solving skills in complex technical environments
• Self-starter with strong self-organizing capabilities and ability to work independently
• Experience administering Linux systems, ideally RHEL and RHEL-based distributions

Preferred Qualifications:

• Active security clearance (Secret or higher)
• Familiarity with DoD Security Requirements Guide (SRG) and DoD DevSecOps Reference Design
• Hands-on experience implementing Authority to Operate (ATO) processes in DoD programs
• Experience with DSOP Container Hardening Guide and NIST 800-53 controls
• Experience with Red Hat Enterprise Linux (RHEL) administration
• Familiarity with Windows environments and Azure Virtual Desktop (AVD)
• Experience with policy-as-code tools such as Open Policy Agent (OPA) or Gatekeeper
• Knowledge of Cloud Security Requirements Guide (SRG) IL4/IL5 compliance requirements

What we offer:

• Robust startup environment with a variety of projects to work on
• Growth paths and endless opportunities to learn and develop
• Paid holidays
• Employer contributions toward 401k
• Performance-based bonus and profit-sharing
• 50% coverage of health insurance for employees and their dependents