DevSecOps Security Integration Lead

The DevSecOps Security Integration Lead serves as the primary technical and compliance integrator responsible for embedding RMF-aligned security controls, automated compliance checks, and continuous monitoring capabilities into CI/CD pipelines. This role drives the transition from traditional ATO processes to continuous ATO (cATO) by designing automated workflows, implementing real-time security validation, and ensuring DevSecOps teams operate in full alignment with DoD cybersecurity requirements. The position is critical to advancing automation maturity, strengthening security posture, and enabling rapid, compliant delivery across development and deployment environments., * Integrates CI/CD pipelines into RMF processes, enabling automated compliance validation, implementation of security controls, and real-time security scans for continuous ATO. Critical for supporting automation and security integration under RMF compliance workflows.

• Leads the integration of RMF compliance into DevSecOps pipelines to support automated compliance validations and facilitate cATO workflows.
• Designs CI/CD workflows that include automated security scans, continuous monitoring activities, and vulnerability remediations integrated into development cycles.
• Aligns DevSecOps team efforts with RMF compliance objectives, embedding security controls into testing and deployment pipelines.
• Develops playbooks or processes for transitioning from traditional ATO to cATO, helping teams operationalize real-time compliance checks.
• Proposes tools and techniques to enhance automation maturity for security controls, risk assessments, and compliance validation.
• Other duties as assigned.

• Experience integrating security controls and RMF requirements into DevSecOps pipelines.
• Strong understanding of DoD RMF, NIST SP 800-53 Rev. 4/5, DoDI 8500.01, and continuous monitoring practices.
• Hands-on experience with CI/CD tools (e.g., GitLab CI, Jenkins, GitHub Actions, Azure DevOps).
• Experience with automated security scanning tools (SAST, DAST, SCA, container scanning, IaC scanning).
• Familiarity with SIEM, vulnerability management platforms, and continuous monitoring technologies.

Desired Skills

• Experience supporting or implementing continuous ATO (cATO) frameworks.
• Knowledge of cloud security (AWS, Azure, DoD Cloud environments).
• Experience with infrastructure-as-code (Terraform, Ansible, CloudFormation).
• Security certifications such as CISSP, CCSP, Security+, or equivalent DoD 8570/8140 certifications.

Education

Bachelor's degree in Cybersecurity, IT, Computer Science, or related field.

Additional Requirements

• Ability to collaborate with ISSMs, ISSOs, system owners, and engineering teams.
• Strong documentation, communication, and stakeholder engagement skills.
• Must be able to pass background screening prior to employment.
• US Citizenship, legal permanent residence, or US work authorization with a minimum of 3 years of US presence is required due to federal contract requirement.
• Active Secret clearance required; ability to obtain TS/SCI preferred.

• Minimum 25% on-site at the Mark Center (Alexandria, VA) or DoD Center - Monterey Bay (Seaside, CA).
• Work hours: 8 a.m. Eastern to 5 p.m. Pacific, Monday-Friday, excluding federal holidays or government closures.
• Incident response may require after-hours support with one-hour recall.

Physical Requirements

• Reliable internet (50 Mbps down / 25 Mbps up) and a secure remote work environment.
• Reasonable accommodations will be provided as needed. (We provide reasonable accommodations to individuals with disabilities to enable them to perform the essential functions.)

Compensation: $115,000-$145,000/year

NexGen Technologies, Inc. is a leading IT services firm specializing in delivering innovative, high-quality solutions to our federal government clients. Our core competencies include IT professional support services, software development, cloud services, IT Operations, Agile project management, and GIS services.