US Citizens only with active clearance REQUIRED

Blue Yonder Defense Solutions (BYDS) is seeking a DevSecOps Engineer to help integrate security practices into our software development and DevOps processes. This role will work closely with development, QA, and operations teams to build and maintain secure CI/CD pipelines, automate security testing, and ensure our platforms and applications meet enterprise security standards.
The ideal candidate is passionate about automation, cloud-native security, and secure software delivery, and has experience embedding security into modern DevOps environments.

DevSecOps Implementation

• Design and implement security controls within CI/CD pipelines to ensure secure software delivery.
• Integrate automated security testing tools such as SAST, DAST, SCA, and container scanning.
• Embed security checks into build and deployment processes to identify vulnerabilities early in the SDLC.

Platform & Infrastructure Security

• Work with DevOps teams to secure cloud infrastructure, containers, and Kubernetes environments.
• Implement Infrastructure-as-Code security scanning and policy enforcement.

Automation & Tooling

• Develop automation scripts and integrations to support security workflows.
• Maintain and enhance CI/CD platforms and pipeline security tooling.
• Integrate vulnerability management tools with development workflows.

Collaboration

• Partner with developers and QA teams to promote secure coding practices.
• Assist engineering teams in remediating vulnerabilities identified during testing and scanning.
• Collaborate with internal and customer security teams to implement organizational security standards.

Compliance & Governance

• Support security compliance requirements such as SOC2, FedRAMP, or DoD security standards where applicable.
• Assist with security audits and vulnerability remediation tracking.
• Help maintain documentation of DevSecOps processes and controls.

Required Qualifications

• 3–6 years of experience in DevOps, DevSecOps, or security engineering.
• Experience building and maintaining CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI, or similar).
• Familiarity with cloud platforms such as AWS, Azure, or GCP.
• Experience with container technologies (Docker, Kubernetes).
• Understanding of secure software development lifecycle (SSDLC) practices.
• Experience integrating security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container vulnerability scanning
• Scripting experience (Python, Bash, or similar).
• Familiarity with Infrastructure as Code tools (Ansible, Terraform, CloudFormation, etc.).

Preferred Qualifications

• Experience implementing DevSecOps practices in enterprise software environments.
• Knowledge of container and Kubernetes security best practices.
• Experience with secrets management solutions (Vault, AWS Secrets Manager, Azure Key Vault).
• Familiarity with security frameworks such as NIST, CIS Benchmarks, OWASP Top 10
• Experience supporting government or regulated environments (FedRAMP, DoD Impact Levels, etc.).
• Security certifications such as Security , CISSP (associate level), Certified Kubernetes Security Specialist (CKS)

Key Skills

• DevSecOps and secure SDLC
• CI/CD automation
• Cloud security
• Container and Kubernetes security
• Vulnerability management
• Infrastructure as Code
• Security tooling integration

Additional Skills

• Must be well versed in working with a diverse group of stakeholders - business analysts, solution architects, technical managers, developers, QA, customer IT

- Excellent communication (verbal and written) and interpersonal skills

• Ability to work while embedded in customers’ teams remotely

- High degree of initiative and ownership to take a task and own it from inception to completion

-

The salary range information provided, reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual salary will be commensurate with skills, experience, certifications or licenses and other relevant factors. In addition, this role will be eligible to participate in either the annual performance bonus or commission program, determined by the nature of the position.

At Blue Yonder, we care about the wellbeing of our employees and those most important to them. This is reflected in our robust benefits package and options that includes:

• Comprehensive Medical, Dental and Vision

• 401K with Matching

• Flexible Time Off

• Corporate Fitness Program

• A variety of voluntary benefits such as; Legal Plans, Accident and Hospital Indemnity, Pet Insurance and much more

At Blue Yonder, we are committed to a workplace that genuinely fosters inclusion and belonging in which everyone can share their unique voices and talents in a safe space. We continue to be guided by our core values and are proud of our diverse culture as an equal opportunity employer. We understand that your career search may look different than others, and embrace the professional, personal, educational, and volunteer opportunities through which people gain experience.

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

Dev. Sec. Ops Implementation. Design and implement security controls within CI/ CD pipelines to ensure secure software delivery. Integrate automated security testing tools such as SAST, DAST, SCA, and container scanning. Embed security checks into build and deployment processes to identify vulnerabilities early in the SDLC. Platform & Infrastructure Security. Work with DevOps teams to secure cloud infrastructure, containers, and Kubernetes environments. Implement Infrastructure-as-Code security scanning and policy enforcement. Automation & Tooling. Develop automation scripts and integrations to support security workflows. Maintain and enhance CI/ CD platforms and pipeline security tooling. Integrate vulnerability management tools with development workflows. Collaboration. Partner with developers and QA teams to promote secure coding practices. Assist engineering teams in remediating vulnerabilities identified during testing and scanning. Collaborate with internal and customer security teams to implement organizational security standards. Compliance & GovernanceSupport security compliance requirements such as SOC 2, FedRAMP, or DoD security standards where applicable. Assist with security audits and vulnerability remediation tracking. Help maintain documentation of Dev. Sec. Ops processes and controls. Required Qualifications 3–6 years of experience in DevOps, Dev. Sec. Ops, or security engineering. Experience building and maintaining CI/ CD pipelines (GitHub Actions, Jenkins, GitLab CI, or similar). Familiarity with cloud platforms such as AWS, Azure, or GCP. Experience with container technologies (Docker, Kubernetes). Understanding of secure software development lifecycle (SSDLC) practices. Experience integrating security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Container vulnerability scanning. Scripting experience (Python, Bash, or similar). Familiarity with Infrastructure as Code tools (Ansible, Terraform, Cloud. Formation, etc.). Preferred Qualifications. Experience implementing Dev. Sec. Ops practices in enterprise software environments. Knowledge of container and Kubernetes security best practices. Experience with secrets management solutions (Vault, AWS Secrets Manager, Azure Key Vault). Familiarity with security frameworks such as NIST, CIS Benchmarks, OWASP Top 10 Experience supporting government or regulated environments (FedRAMP, DoD Impact Levels, etc.). Security certifications such as Security , CISSP (associate level), Certified Kubernetes Security Specialist (CKS)Key Skills. Dev. Sec. Ops and secure SDLCCI/ CD automation. Cloud security. Container and Kubernetes security. Vulnerability management. Infrastructure as Code. Security tooling integration. Additional Skills. Must be well versed in working with a diverse group of stakeholders - business analysts, solution architects, technical managers, developers, QA, customer IT - Excellent communication (verbal and written) and interpersonal skills. Ability to work while embedded in customers’ teams remotely - High degree of initiative and ownership to take a task and own it from inception to completion -The salary range information provided, reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual salary will be commensurate with skills, experience, certifications or licenses and other relevant factors. In addition, this role will be eligible to participate in either the annual performance bonus or commission program, determined by the nature of the position. At Blue Yonder, we care about the wellbeing of our employees and those most important to them. This is reflected in our robust benefits package and options that includes: Comprehensive Medical, Dental and Vision 401 K with Matching Flexible Time Off Corporate Fitness Program A variety of voluntary benefits such as; Legal Plans, Accident and Hospital Indemnity, Pet Insurance and much more. At Blue Yonder, we are committed to a workplace that genuinely fosters inclusion and belonging in which everyone can share their unique voices and talents in a safe space. We continue to be guided by our core values and are proud of our diverse culture as an equal opportunity employer. We understand that your career search may look different than others, and embrace the professional, personal, educational, and volunteer opportunities through which people gain experience.

search terms: Security Engineer+DevOps