DevSecOps Engineer

Metron is an employee-owned company dedicated to delivering innovative solutions for the most challenging national security problems. For over 40 years, our principled approach to problem-solving has yielded creative solutions at the intersection of advanced mathematics, computer science, physics, and engineering. Our people are leaders in their technical fields and are passionate about solving challenging problems. We look for individuals who share this same passion and can apply their experience in real-world settings.  

Job Description: 

Our Reston, VA office is seeking a DevSecOps Engineer to help secure and improve software delivery across the enterprise. This role focuses on embedding security, quality, compliance, and software supply-chain controls into CI/CD workflows while partnering with software development, cybersecurity, platform engineering, systems engineering, and program teams. 

This is an engineering role, not a pure governance or vulnerability-management position. The DevSecOps Engineer will work across Azure DevOps Server, Nexus, SonarQube, Kubernetes/K3s deployment workflows, artifact controls, and secure release patterns to help teams deliver software securely and reliably. 

Occasional after-hours/weekend maintenance and emergency response may be required. 

Key Responsibilities: 

Secure CI/CD & Release Workflows 

• Design, implement, and improve secure CI/CD patterns in Azure DevOps, including reusable YAML templates, quality gates, artifact controls, and release safeguards 
• Support secure release workflows across development, test, integration, staging, and production environments 
• Troubleshoot pipeline failures, permissions issues, dependency problems, scan failures, and release blockers 

Software Supply Chain & Security Controls 

• Integrate security and quality checks into build and release workflows, including SAST, SCA, dependency scanning, secrets scanning, code-quality gates, container scanning, and artifact validation 
• Support tools such as Nexus, SonarQube, Azure DevOps artifacts, and related code-quality or artifact-management platforms 
• Partner with cybersecurity to align CI/CD controls with SSP, RMF, NIST, CMMC, STIG, Zero Trust, audit, and program requirements 

Kubernetes Guardrails & Developer Enablement 

• Partner with platform engineering on secure Kubernetes/K3s deployment standards, including namespaces, RBAC, ServiceAccounts, Helm, ingress, TLS, storage, quotas, and workload security 
• Create documentation, examples, runbooks, and onboarding materials for secure pipeline and deployment workflows 
• Track recurring developer pain points, pipeline health, scan outcomes, release blockers, and control gaps; turn findings into automation, templates, documentation, or improved guardrails 

Required Qualifications: 

• 5+ years of experience in DevOps, DevSecOps, platform engineering, software delivery, systems engineering, or a closely related technical role 
• Hands-on experience with Azure DevOps pipelines, YAML, build/release workflows, repositories, artifacts, permissions, or agent-based builds 
• Experience implementing security, quality, or compliance controls in CI/CD workflows 
• Experience with secure software delivery practices such as SAST, SCA, dependency scanning, secrets handling, code-quality gates, artifact controls, or container scanning 
• Experience troubleshooting CI/CD failures, build issues, deployment problems, permissions issues, or dependency-related errors 
• Experience with Kubernetes, K3s, containers, Helm, or similar deployment technologies 
• Experience with scripting or automation using PowerShell, Bash, Python, or similar languages 
• Ability to write clear technical documentation, runbooks, onboarding guides, and troubleshooting procedures 
• Eligible to obtain and maintain a U.S. security clearance 
• Willing and able to work in regulated, secure, or compliance-bounded environments 

Preferred Qualifications: 

• Active U.S. security clearance 
• Experience with Azure DevOps Server 
• Experience integrating or administering Nexus, SonarQube, or similar artifact and code-quality platforms 
• Experience with SBOM generation, SCA, container scanning, artifact signing, provenance, or software supply-chain security 
• Experience with policy-as-code, OPA/Gatekeeper, Kubernetes admission controls, or secure workload policies 
• Experience with Infrastructure-as-Code or Configuration-as-Code practices using Terraform, Ansible, Bicep, CloudFormation, or similar tools 
• Experience with Prometheus, Grafana, Loki, or similar observability platforms 
• Experience in defense contracting, government programs, CMMC, NIST 800-171, RMF, STIGs, or other compliance-driven environments 

 Position Location: Reston, VA (the selected individual will be expected to work onsite in the Reston, VA office)