Devops Security Engineer

Department: Operations

Location: Remote (U.S.), West Coast hours preferred

Reports To: Director of DevOps

Classification: Full-Time, Exempt

Estimated Compensation Range: $110K - $140K

Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance.

The Devops Security Engineer is a hands-on DevSecOps role responsible for securing cloud-native, multi-tenant environments operating under FedRAMP Moderate/High and NIST SP 800-53 requirements. This role focuses on preventative security, automation, and continuous compliance, embedding security controls directly into infrastructure, CI/CD pipelines, and runtime operations. The engineer will operate CrowdStrike as a core CNAPP and DevSecOps control, alongside CSPM tooling, to prevent misconfigurations, reduce risk, and maintain continuous audit readiness while working directly with customers and internal engineering teams.

Customer Onboarding & Communication

• →

  Serve as a security point of contact for external customers deploying into regulated cloud environments.

• →

  Support customer onboarding by validating application security posture and deployment readiness for FedRAMP environments.

• →

  Review customer security documentation, architectures, and deployment workflows against platform security requirements.

• →

  Communicate security requirements, changes, incident escalations, and compliance questions clearly to customers.

Federal Compliance & Governance (FedRAMP/NIST)

• →

  Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53.

• →

  Support Continuous Monitoring (ConMon) activities, including vulnerability tracking, POA&M updates, and compliance reporting.

• →

  Maintain and validate FedRAMP security architecture artifacts, including network diagrams, data flow diagrams, trust boundaries, and control flows.

• →

  Validate deployed infrastructure and traffic patterns against approved FedRAMP architectures using flow logs and telemetry.

Security Tooling & Vendor Management

• →

  Operates CrowdStrike as part of the core CNAPP enforcement and DevSecOps control, including IOM/IOA analysis, vulnerability management (Spotlight), workload protection, and telemetry/log review for cloud workloads.

• →

  Integrate CrowdStrike CNAPP and detection signals into automated SOAR and CI/CD workflows to support preventative controls, response, and Continuous Monitoring (ConMon) for FedRAMP compliance.

• →

  Coordinate external penetration testing efforts, including scoping, access, findings review, and remediation tracking.

• →

  Use application security tools (e.g., Burp Suite) to support internal testing and remediation.
  

DevOps, Automation, & Preventative Security

• →

  Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production.

• →

  Enforce policy-as-code guardrails for IAM, networking, logging, encryption, and endpoint protection using Terraform.

• →

  Ensure CrowdStrike coverage, logging, and monitoring are enforced as deployment prerequisites.

• →

  Prevent cloud exposure by enforcing network segmentation, approved ingress/egress paths, and least-privilege access.

• →

  Detect and remediate configuration drift using CSPM and automated workflows.

• →

  Secure Kubernetes clusters and containerized workloads to approved security baselines.

• 4+ years of experience in Cloud Security, DevSecOps, or Security Operations roles.

• Hands-on experience operating CrowdStrike Falcon in production environments.

• Direct experience supporting FedRAMP environments and implementing NIST SP 800-53 controls.

• Experience working directly with external customers on security onboarding or deployment readiness.

• Strong experience with Wiz or similar CSPM/CNAPP platforms.

• Proficiency with Terraform and CI/CD tooling (GitHub, GitHub Actions).

• Experience securing multi-cloud environments (AWS required; Azure and/or GCP preferred).

• Strong written and verbal communication skills.
  

• Experience supporting or collaborating with SOC or incident response teams.

• Experience managing external penetration testing engagements.

• Familiarity with System Security Plans (SSPs) and audit artifacts.

• Relevant certifications (AWS Security Specialty, CISSP, CISM, CCSP).

• Experience applying automation or AI-assisted tools to security workflows.

Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject to change.

We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.