Senior Platform / DevSecOps + Security Engineer

Location: Remote
Employment Type: Full-Time (W-2)
Citizenship: U.S. Citizenship required

IntelliTech is seeking a Senior Platform / DevSecOps + Security Engineer to lead the infrastructure modernization, security hardening, authorization pathway, and production promotion of a Government-owned digital twin application deployed in an Army cloud environment. The application is a supply chain simulation platform built on Python, FastAPI, React, and MongoDB and currently operates as a monolithic Docker deployment. This role will help transition it into a production-grade, containerized, split-service architecture aligned to Army cloud platform requirements, DevSecOps delivery practices, and production promotion gates.

This is a hands-on role on a lean, senior team. The ideal candidate will architect deployment infrastructure, build CI/CD pipelines, harden the application for production, support authorization evidence development, and help lead promotion from development through production. This individual will work directly with Army platform teams, security stakeholders, and identity management teams to ensure the application is secure, scalable, supportable, and ready for operational use.

Key Responsibilities

Infrastructure and Deployment Architecture

• Transition the application from a single-host Docker deployment to a split-service containerized architecture using Amazon EKS, ECS, or another approved orchestration model.
• Design and implement multi-tier environment separation across development, test/staging, and production.
• Package frontend, backend API, and simulation worker services as independently deployable container artifacts.
• Implement infrastructure-as-code using Terraform, CloudFormation, or approved equivalents for repeatable provisioning and configuration management.
• Design the distributed execution model allowing simulation workers to scale independently from the API tier with bounded concurrency and isolation controls.
• Configure managed platform services for persistence, caching, object storage, secrets management, and observability.

CI/CD and Release Engineering

• Build and maintain CI/CD pipelines using approved toolchains such as GitLab CI, GitHub Actions, or government-provided platform tooling.
• Integrate automated build, test, container scanning, dependency scanning, SAST, and DAST into the delivery pipeline.
• Implement promotion workflows with quality and security gates for development-to-staging and staging-to-production transitions.
• Generate and maintain software bill of materials (SBOM) and dependency inventories as part of the build process.
• Design rollback and recovery procedures for failed deployments, including restoration of prior known-good versions.

Security Hardening and Compliance

• Harden container images and dependency baselines in alignment with STIG requirements and approved security standards.
• Implement managed secrets storage, encryption in transit and at rest, least-privilege IAM policies, and appropriate network segmentation.
• Integrate vulnerability scanning into release workflows and support remediation tracking.
• Support closure of security findings through remediation, compensating controls, and evidence updates.
• Ensure artifact retention and traceability sufficient to support promotion approval and auditability.

Identity and Access Management

• Integrate the application with CAC-enabled SSO and the identity provider required by the target environment using SAML, OIDC, or platform-specific approaches.
• Replace local account models with externalized authentication through approved identity services.
• Implement role-based access controls for analyst, administrator, and system functions.
• Ensure user actions are traceable to authenticated identities.

Authorization and Production Promotion

• Support the application-specific authorization effort from evidence planning through submission and remediation.
• Produce and maintain authorization artifacts such as architecture diagrams, data flows, SBOMs, scan evidence, logging and monitoring descriptions, and operational runbooks.
• Align evidence to the platform’s inheritance model where applicable rather than building a fully standalone compliance package.
• Coordinate with government security stakeholders on evidence expectations, findings, and remediation.
• Lead technical execution for promotion from development into production through approved DevSecOps pipelines and release gates.

Operations and Sustainment

• Implement centralized logging, metrics, alarms, and service health monitoring across all application components.
• Develop operational runbooks for deployment, monitoring, incident response, scaling, and maintenance.
• Produce administrator and operator documentation, troubleshooting guides, and sustainment handoff materials.
• Support training and transition activities at the conclusion of the implementation period.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity, or a related technical discipline and 8+ years of relevant experience ; or Master’s degree in a related field and 6+ years of relevant experience .
• 8+ years of professional experience in DevOps, platform engineering, infrastructure engineering, or cloud engineering roles.
• Hands-on experience supporting ATO or cATO-related processes , including authorization evidence development, security findings remediation, and working with assessors or platform security stakeholders.
• Experience deploying and operating applications in DoD or other accredited government cloud environments .
• Strong experience with container orchestration using Amazon EKS, ECS, Kubernetes, or similar platforms.
• Strong experience with infrastructure as code , including Terraform, CloudFormation, Helm, or similar tooling.
• Experience designing and maintaining CI/CD pipelines with integrated automated testing, scanning, and promotion controls.
• Experience with security hardening , including STIG-aligned practices, vulnerability remediation, SBOM generation, and secure container/image management.
• Experience with AWS services such as EC2, EKS/ECS, S3, IAM, KMS, Secrets Manager, SSM, CloudWatch, VPC/networking, Redis/ElastiCache, and document or relational persistence services.
• Experience integrating identity and access management solutions such as SSO, SAML, OIDC, RBAC, or CAC-enabled access patterns.
• Strong communication skills and the ability to work directly with technical, operational, and security stakeholders.

Preferred Qualifications

• Direct experience supporting Army cloud environments or similar government-managed enterprise cloud platforms.
• Experience with RMF, eMASS , and inherited authorization models.
• Experience operating in IL4 / IL5 or similarly regulated environments.
• Experience with container security and vulnerability scanning tools such as Prisma Cloud, Anchore, Twistlock, or similar platforms.
• Familiarity with Docker Compose to Kubernetes migration patterns.
• Experience with MongoDB to DocumentDB migration or similar managed database transition efforts.
• Experience supporting Python / FastAPI application deployment and performance tuning.
• Prior experience supporting Army, logistics, manufacturing, industrial base, or enterprise platform modernization programs.
• Certifications such as Security+ , CISSP , or relevant cloud / Kubernetes certifications.

Tech Stack

• Orchestration: Amazon EKS or ECS, Kubernetes, Helm
• IaC: Terraform, CloudFormation
• CI/CD: GitLab CI, GitHub Actions, or government-approved tooling
• Cloud: AWS services including EC2, EKS/ECS, S3, IAM, KMS, Secrets Manager, SSM, CloudWatch, Redis/ElastiCache, and managed persistence services
• Containers: Docker, multi-stage builds, hardened base images
• Security: STIG-aligned hardening, vulnerability scanning, SBOM generation, DAST / SAST
• Identity: CAC / SSO, SAML, OIDC, RBAC
• Monitoring: CloudWatch, Prometheus / Grafana where approved, centralized logging
• Authorization: RMF, eMASS, inherited authorization packages, ATO / cATO evidence support
• Application: Python 3.11+, FastAPI, React, MongoDB / DocumentDB

Interview Process

Video interview required and may include a technical assessment.

Candidates should be prepared to discuss:

• their experience designing and operating secure cloud infrastructure and CI/CD pipelines
• how they have supported authorization, compliance, or security evidence efforts
• examples of applications they have containerized, hardened, and promoted to production
• their experience with AWS, Kubernetes, IaC, scanning, and release automation
• how they have handled identity integration, observability, and secure operations in regulated environments

Compensation and Benefits

IntelliTech is committed to fair and equitable compensation practices. Actual compensation packages are based on several factors unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on these factors, IntelliTech utilizes the full width of the salary range.

IntelliTech provides a comprehensive benefits package designed to support employees’ well-being and professional growth, including health, dental, and vision insurance, a 401(k), paid time off, professional development opportunities, and flexible work arrangements to support work-life balance.

About IntelliTech

IntelliTech is a dynamic and forward-thinking small business specializing in Full Stack Engineering, Data Analytics, Cloud Solutions, and DevSecOps services. Our mission is to empower government and commercial clients to solve complex technical challenges through practical, innovative, and mission-focused engineering solutions.

Equal Opportunity Employer

At IntelliTech, we are committed to building a diverse and inclusive workplace. We believe that a variety of perspectives and backgrounds leads to stronger teams and better solutions. IntelliTech is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, gender, age, disability, or veteran status. We encourage all qualified candidates to apply.