Overview:
Quantum Research International, Inc. (Quantum) provides our national defense and federal civilian and industry customers with services and products in the following main areas: 1) Cybersecurity and Information Operations; 2) Space Operations and Control; 3) Aviation Systems; 4) Ground, Air and Missile Defense, and Fires Support Systems; 5) Intelligence Programs Support; 6) Experimentation and Test; 7) Program Management; and 8) Audio/Visual Technology Applications. Quantum's Corporate Office is located in Huntsville, AL, but Quantum actively hires for positions nationwide and internationally. We pride ourselves on providing high-quality support to the U.S. Government and our Nation's Warfighters. In addition to our corporate office, we have physical locations in Aberdeen, MD; Colorado Springs, CO; Crestview, FL; Orlando, FL; and Tupelo, MS.
Mission:
Quantum is seeking a DevSecOps Engineer. As a DevSecOps Engineer, you will serve as a hands-on member of the Software Assurance Team. You will support the secure development, deployment, and maintenance of software by integrating security practices into development workflows, reviewing security tool results, supporting vulnerability remediation, justifying false positives, and assisting with the creation and maintenance of containerized application environments. This role requires close collaboration with cybersecurity teams, software developers, system administrators, and other technical stakeholders to improve software assurance, pipeline security, vulnerability management, and DevSecOps compliance.
Responsibilities:
- Manage security measures for containerized services using Docker, Kubernetes, AWS EKS, Helm, and similar technologies.
- Develop and maintain documentation related to DevSecOps processes, tools, workflows, and compliance activities.
- Monitor security tools within CI/CD pipelines and recommend adjustments to improve automation, accuracy, and effectiveness.
- Collaborate with developers to enforce secure coding standards and identify, validate, and mitigate security risks.
- Integrate security tools into CI/CD pipelines to support secure deployment practices and reduce software vulnerabilities.
- Support the transition, configuration, and maintenance of DevSecOps workflows within GitLab.
- Review results from static application security testing, software composition analysis, container scanning, dynamic testing, and other security tools.
- Assist development teams with vulnerability remediation, false-positive analysis, and risk-based prioritization.
- Secure system configurations, install and maintain security tools, scan systems for compliance, report results, and evaluate security posture.
- Conduct security program audits and develop recommendations to mitigate identified risks.
- Evaluate, develop, and enhance security assessment capabilities.
- Perform vulnerability assessments and support the development of risk mitigation strategies.
- Support implementation of DevSecOps compliance standards set forth by the Army.
- Applies science and/or engineering techniques to develop cybersecurity controls for information system, network and/or application design.
- Ensures cybersecurity controls are effectively implemented early in the system design and engineering process to enable the technology to be used at the minimal acceptable level of risk.
- Serves as a cybersecurity technical expert who participates in critical system development review meetings as part of the acquisition life cycle.
- Promotes the design and development of secure interface specifications between interconnected systems and develops interface control documentation.
- Conducts analysis of and documents ports, protocols and services used in information systems and/or networks.
- Designs, develops, integrates, and updates system security measures (including policies and requirements) that provide confidentiality, integrity, availability, authentication, and non-repudiation of information systems, networks, components, and/or applications that are consistent with technical specifications.
- Conducts analysis of requirements for cross domain solutions, tests cross domain solutions and makes implementation recommendations.
- Analyzes and resolves cybersecurity technical problems.
- Configures testbeds and conducts testing, records and analyzes results, and provides recommendations for improvements for the products/systems under test.
- Identifies threats and vulnerabilities, develops risk analyses and risk assessment documentation, and researches and develops countermeasures to those threats and vulnerabilities.
- Promotes secure engineering techniques, principles, architectures, and designs within the organization and with external stakeholders. Techniques for doing so include, but are not limited to, authoring white papers, creating and delivering presentations, and participating in or leading working groups or integrated product teams.
Required Skills and Qualifications:
- At a minimum should have a Bachelor of Science degree in Computer Science or a related engineering or scientific field of study from an accredited college or university.
- Must have a minimum of two (2) years of experience, of which at least one (1) must be specialized experience including cybersecurity analysis and implementation of cybersecurity technical controls. An MS degree or PhD in a related field may be substituted for one (1) year of experience.
- Must understand heterogeneous information systems and networking technologies.
- Must understand information system ports, protocols and services.
- Must understand interface standards specifications and information system programming techniques, best practices and standards.
- Must have and maintain an appropriate DoDI 8570.01-M (Information Assurance Workforce Improvement Program) certification for the appointed duty level.
- Current Secret clearance and able to obtain Top Secret security clearance with SCI eligibility.
- Three to five years of relevant DevSecOps, cybersecurity, software assurance, or secure software development experience.
- Experience with tools and platforms such as Azure DevOps, GitLab, SonarQube, Sonatype, Burp Suite Professional, and AWS GovCloud.
- Experience with containerized application deployments using AWS EKS, Helm charts, Docker, Kubernetes, or similar containerization technologies.
- Proficiency with scripting languages such as PowerShell.
- Experience creating, configuring, or maintaining containerized applications.
- Strong experience with C# and .NET programming languages.
- Ability to review security tool findings, support vulnerability remediation, and document false-positive justifications.
- Ability to work collaboratively with cybersecurity teams, developers, and technical stakeholders.
- Must demonstrate a basic understanding of AI governance within source code management platforms such as GitLab, including how governance-related documentation, workflows, and controls may apply to AI-enabled development activities.
- Familiarity with Army DevSecOps, RMF, software assurance, or compliance requirements.
- Active Secret security clearance.
- IAT Level II baseline certification.
- Computing Environment certification.
Desired Skills and Qualifications:
- Experience with Amazon Web Services architectures, security services, and cloud-native security practices.
- Experience with secure container deployments and configuring containerized environments.
- Experience configuring and maintaining automated pipelines within DevOps or DevSecOps environments.
- Experience developing automated security, compliance, or reporting capabilities.
- Strong communication skills, especially when coordinating between cybersecurity teams and software development teams.
Equal Opportunity Employer/Affirmative Action Employer M/F/D/V: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity, or any other characteristic protected by law.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.