Senior DevSecOps Engineer, Government Systems Security – Compliance

🔥 0 minutes ago

🏄 California – Remote

🏄 California – Remote

💵 $90k - $124k / year

⏰ Full Time

🟠 Senior

⛑ DevOps & Site Reliability Engineer (SRE)

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Red Cat Holdings

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2016

🚀 Aerospace

🔧 Hardware

🔐 Security

Aerospace • Hardware • Security

Red Cat Holdings is a U. S. -based developer and manufacturer of autonomous unmanned systems and intelligence solutions for defense and security customers. The company builds and integrates small unmanned aerial systems (sUAS), FPV drones, extended short-range rotorcraft, and uncrewed surface vessels (USVs) — marketed under product lines like Teal, ARACHNID, Edge 130, and Blue Ops — to provide ISR (intelligence, surveillance, reconnaissance), sensor-to-shooter capabilities, and command-and-control ecosystems. Red Cat emphasizes rugged, low-cost, modular hardware and autonomous software, partners with industry firms (e. g. , Palantir, AeroVironment), and serves military, government, and allied customers including selection for U. S. Army short-range reconnaissance programs.

📋 Description

• Design and implement CI/CD security gates (SAST, dependency scanning, secrets detection, SBOM generation) across ASR’s version control organization (GitHub, GitLab, or equivalent) • Establish structured artifact management with semantic versioning, signed releases, and audit-traceable build provenance; manage release pipelines across incrementally constrained compliance tiers (commercial, CMMC-controlled, SIPRNet-classified) • Own CMMC Level 2 compliance posture; develop and maintain SSP, POA&M, and ATO/IATT support documentation for government program deliveries • Apply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm communications protocols • Implement technical controls for CUI handling, export-controlled repository access, and ITAR/EAR compliance in development workflows • Define threat modeling and SSDF (NIST SP 800-218) practices; maintain SBOM generation per EO 14028 and DoD supply chain requirements • Ensure source control organization meets required security standards: MFA applied as required, least-privilege access controls maintained, audit logging confirmed, and third-party application permissions managed • Support corporate IT integration: align ASR’s development environment with broader CMMC and CUI enclave requirements as the company scales

🎯 Requirements

• Active Secret clearance or demonstrated ability and willingness to obtain one • 5+ years of DevSecOps, security engineering, or information assurance experience, with at least 2 years in a DoD or defense contractor environment • Working knowledge of CMMC 2.0 Level 2 requirements and assessment processes • Practical experience with GitHub Actions, GitLab CI, or equivalent CI/CD platforms, including writing custom pipeline configurations for security automation • Ability to read and reason about C++ and Python codebases for threat modeling, SAST triage, and vulnerability assessment • Understanding of OT/embedded system security distinctions from enterprise IT; ability to apply NIST 800-82 to firmware and autopilot-layer software • Experience with SBOM generation tooling (e.g., Syft, CycloneDX, SPDX) and DoD supply chain security requirements • Familiarity with ITAR/EAR technical controls: CUI handling, export-controlled repository access, and developer access management • Comfort working independently with limited oversight; ability to remain calm and effective under operational pressure

🏖️ Benefits

• generous annual equity package • potential bonuses