DevSecOps Compliance Engineer
Indexed description
What You Will Do
- Integrate ATO Automation platform with customer CI/CD pipelines, source control systems (GitHub, GitLab), and DevOps toolchains
- Configure and maintain automated security control validation workflows using ATO Automation platform's real-time code analysis capabilities
- Implement continuous compliance monitoring by connecting ATO Automation platform to cloud service provider APIs (AWS, Azure) and infrastructure-as-code repositories
- Automate System Security Plan (SSP) generation and maintain synchronization between system configurations and compliance documentation
- Establish security gates within CI/CD pipelines that leverage ATO Automation platform’s automated control assessment capabilities
- Collaborate with development teams to remediate compliance gaps identified through automated scanning
- Configure integrations with security tools including SAST/DAST solutions (Fortify, SonarQube), container security platforms (Aqua, Twistlock), and vulnerability scanners (Tenable, Qualys)
- Deploy ATO Automation platform connectors to GitLab or GitHub Enterprise repositories to enable real-time code analysis for NIST 800-53 control validation
- Configure automated SSP generation workflows that parse infrastructure-as-code templates (Terraform, CloudFormation) and map security controls
- Implement webhook integrations between ATO Automation platform and Jenkins pipelines to trigger compliance assessments on code commits
- Create custom compliance dashboards that display real-time control implementation status across multiple frameworks (FedRAMP, CMMC, DoD SRG)
- Develop automated remediation workflows that create JIRA tickets when ATO Automation platform detects compliance drift
- Active TS/SCI with Poly
- Strong experience with CI/CD platforms (Jenkins, GitLab CI, Azure DevOps, CircleCI)
- Proficiency in Infrastructure as Code tools (Terraform, CloudFormation, ARM templates)
- Deep understanding of NIST 800-53 Rev 5 security controls and FedRAMP compliance requirements
- Experience with containerization and orchestration platforms (Docker, Kubernetes, OpenShift)
- Knowledge of secure coding practices and application security testing methodologies
- Proficiency in scripting languages (Python, Bash, PowerShell) for automation
- Experience integrating security scanning tools into automated pipelines
- Understanding of Git-based version control and branching strategies
- Familiarity with OSCAL (Open Security Controls Assessment Language) standards
- Experience with LLM-based automation platforms and Retrieval-Augmented Generation (RAG) architectures
- Prior implementation of compliance automation tools in federal environments
- Hands-on experience with AWS GovCloud or Azure Government cloud platforms
- Knowledge of CMMC 2.0 requirements and DoD Security Requirements Guide
- Certifications: Certified DevSecOps Professional, AWS Security Specialty, Azure Security Engineer
- Experience with SIEM platforms (Splunk, QRadar) and log aggregation
- Understanding of zero-trust architecture principles
- Familiarity with continuous monitoring (ConMon) requirements for federal systems
BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search