DevSecOps Cyber Security Engineer

Job Title: DevSecOps Cyber Security Engineer Location: Fort Gordon, GA (On-Site) Clearance: Active DoD Top Secret (SCI eligible preferred) Position Summary The Information Systems Security Engineer (ISSE) is the hands-on security engineering lead for mission systems at Fort Gordon. This role bridges classic RMF/ATO work with modern DevSecOps practices. You will work with developers, system engineers, and operations teams to design, engineer, and validate secure architecture for both hardware and software systems, ensuring they meet DoD RMF requirements and can obtain and maintain an Authorization to Operate (ATO). Experience with DevSecOps, automation, or cloud is a plus, but this is first and foremost an ISSE / cyber engineering role. If you have strong security engineering/RMF chops and some exposure to automation, CI/CD, or cloud (or a clear desire to grow there), you’re the kind of person we want. Key Responsibilities Serve as the security engineering lead for systems going through the RMF/ATO process (both hardware-centric and software/application systems). Capture, analyze, and refine security requirements and ensure they are integrated into system architecture, design, and implementation. Work with system engineers and developers to build security into designs from the outset (Defense-in-Depth, Zero Trust principles where applicable). Develop and maintain RMF security documentation (e.g., SSPs, SARs, control implementation statements, POA&Ms) in support of initial and ongoing ATOs. Engineer and validate technical control implementations (e.g., identification and authentication, logging and monitoring, boundary protection, vulnerability management). Support or integrate security into CI/CD pipelines and DevSecOps workflows (e.g., adding static/dynamic analysis, container scanning, IaC checks, and automated compliance validations). Work with infrastructure teams to secure and assess virtualized, containerized, and cloud-hosted environments (e.g., VMware, Hyper-V, Kubernetes, AWS, Azure). Perform and support security testing and continuous monitoring: review scan results, track findings, and help design pragmatic remediation paths. Coordinate with ISSOs, ISSMs, Control Assessors, system owners, and mission partners to keep security, performance, and mission needs in balance. Contribute to security patterns, reference architectures, and standard operating procedures to make future RMF/ATO cycles smoother and more repeatable. Required Qualifications We don’t expect one person to check every box, but you should recognize yourself in most of these: Security Engineering / RMF Experience Hands-on experience supporting DoD systems under RMF, including control selection, implementation, and/or validation. Direct involvement in one or more ATO efforts (initial ATO, re-authorization, or significant system change). Technical Foundation Experience administering or engineering on Linux and/or Windows systems in an enterprise or mission environment. Experience with at least one scripting or automation language (e.g., Python, PowerShell, Bash, Ansible, etc.). Familiarity with virtualization platforms (e.g., VMware, Hyper-V, KVM) and/or containerization technologies (e.g., Docker, Kubernetes). DevOps / Automation Exposure Experience with or exposure to CI/CD tools and workflows (e.g., GitLab, GitHub, Azure DevSecOps, Jenkins), OR clear experience automating infrastructure/configuration (e.g., Ansible, Terraform). Comfort working in or near Agile / DevSecOps teams: participating in sprints, grooming security tasks, and integrating security into pipelines rather than treating it as an afterthought. Cyber Standards & Controls Working knowledge of NIST SP 800-53 controls, DoD STIGs, and vulnerability management practices. Ability to read security requirements and turn them into concrete technical tasks for developers and system engineers. Clearance & Certifications Active DoD Top Secret clearance (SCI eligible preferred). Meets or can meet DoD 8570/8140 requirements for an ISSE/IASAE or IAT/IAM Level III role (e.g., SecurityX, CASP, CISSP, etc.) within a reasonable onboarding window. Preferred / Nice-to-Have Qualifications These are not hard gates; they’re signals you’ll be able to hit the ground running faster: Experience integrating security controls into automated build and deployment pipelines (e.g., SAST/DAST, container and IaC scanning, dependency checking). Experience with cloud environments (AWS, Azure, GCC/GCC High) from a security engineering or compliance perspective. Experience with vulnerability and patch management tools (e.g., Nessus, Tenable, Ivanti, or similar). Experience supporting Army, Cyber, or Intelligence Community programs, especially at Fort Gordon. Familiarity with Zero Trust Architecture concepts and their impact on system design. Experience writing or maintaining SOPs, playbooks, or O&M checklists tied to security operations and control sustainment. Comfort mentoring developers or admins on secure configuration and coding practices. Education & Experience Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related field OR Equivalent combination of relevant military, government, or hands-on industry experience in cybersecurity engineering, systems engineering, and/or DevOps. Kwaan Bear IT Solutions, LLC (KBITS) is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind. KBITS is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at KBITS are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. KBITS will not tolerate discrimination or harassment based on any of these characteristics.