Company hidden
4 days ago

Senior DevSecOps Engineer, Government Systems Security & Compliance

Work format
remote (USA only)
Employment type
fulltime
Grade
senior
English
b2
Country
US

Job description

TL;DR

Senior DevSecOps Engineer (Government Systems Security): Architect CI/CD security pipelines and own CMMC compliance posture for swarm autonomy software in dual-use commercial and defense environments, with an emphasis on OT security controls for embedded firmware and ground control systems. Focus on implementing threat modeling, SBOM generation, NIST frameworks, and ITAR/EAR compliance for accreditable software artifacts.

Location: Fully remote (US Citizens or Permanent Residents only due to ITAR/EAR restrictions; no sponsorship; occasional travel for testing)

Company

Apium Swarm Robotics (ASR), part of hirify.global, builds real-time collaborative swarming software for air, surface, undersea, and ground vehicles deployed on operational platforms in complex safety-critical conditions.

What you will do

  • Design and implement CI/CD security gates including SAST, dependency scanning, secrets detection, and SBOM generation across version control.
  • Establish artifact management with semantic versioning, signed releases, and audit-traceable pipelines for commercial to classified compliance tiers.
  • Own CMMC Level 2 compliance including SSP, POA&M, and ATO documentation for government deliveries.
  • Apply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm protocols.
  • Implement controls for CUI handling, export-controlled access, and ITAR/EAR in development workflows.
  • Define threat modeling, SSDF practices, and ensure source control meets security standards like MFA and least-privilege access.

Requirements

  • Must be a US Citizen
  • Active Secret clearance or ability to obtain one
  • 5+ years DevSecOps, security engineering, or IA experience, with 2+ years in DoD/defense contractor environments
  • Working knowledge of CMMC 2.0 Level 2 and assessment processes
  • Experience with GitHub Actions/GitLab CI for security automation pipelines
  • Ability to read C++ and Python for threat modeling and vulnerability assessment
  • Understanding of OT/embedded security vs enterprise IT; NIST 800-82 application
  • Experience with SBOM tools and DoD supply chain requirements
  • Familiarity with ITAR/EAR controls for CUI and repository access

Nice to have

  • BS in Computer Science or related
  • Experience authoring NIST SP 800-171 SSP/POA&M in DoD environments
  • CMMC RP/CP or DoD 8570/8140 cert (CISSP, Security+)
  • Familiarity with RMF, DISA STIG for Linux embedded systems
  • Experience with Android app security, UAS/robotics, PX4/ArduPilot, ATAK/WinTAK
  • Active TS/SCI clearance

Culture & Benefits

  • Work from home enabled by advanced SITL suite; occasional travel for field testing and demos
  • Base pay plus equity and potential bonuses
  • Emphasis on performance, operational reliability, and mission relevance over hype
  • Comfort with responsibility, ambiguity, and high-stakes accountability
