DevSecOps Engineer (Mobile Applications) - Clearance Required

The Army Training Information System (ATIS) program seeks a skilled and motivated DevSecOps Engineer to support the secure development, deployment, and maintenance of a cutting-edge mobile application. The ideal candidate will have experience integrating security into DevOps pipelines, cloud-native architectures, and mobile application development. This role involves collaborating with cross-functional teams to implement security-focused practices that ensure the reliable and safe delivery of mobile application updates and features.

Secure CI/CD Pipeline Development: Design, implement, and maintain secure Continuous Integration/Continuous Deployment (CI/CD) pipelines for mobile applications. Integrate security tools for vulnerability scanning, static code analysis, and dependency management.

• Automation: Automate build, testing, deployment, and security processes for mobile platforms (iOS and Android), ensuring fast, secure, and reliable releases.

• Monitoring and Incident Response: Develop monitoring strategies and alerting mechanisms for mobile application performance and security. Support incident detection, response, and resolution for application and infrastructure vulnerabilities.

• Cloud and Container Security: Deploy and manage mobile backend services in cloud environments with a focus on containerization and securing workloads using tools like Kubernetes, Docker, and cloud-native security solutions.

• Compliance: Ensure mobile application builds and deployments meet DoD security standards, including RMF, STIGs, and other applicable frameworks. Conduct regular vulnerability assessments and manage remediation efforts.

• Collaboration and Mentorship: Partner with development teams to incorporate DevSecOps practices, providing guidance on secure coding standards, source control, and branching strategies. Mentor team members on security best practices.

• Infrastructure as Code (IaC): Use tools like AWS CloudFormation, SAM, and Terraform to automate the provisioning and security of infrastructure.

• Documentation and Training: Develop and maintain comprehensive documentation for tools, configurations, and processes. Deliver training sessions to enhance team knowledge of DevSecOps practices.

Required Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience).

• 5+ years of experience in DevSecOps, with a focus on mobile application development or cloud-native environments.

• Expertise with CI/CD tools such as GitLab, GitHub with integrated security tools (e.g., Snyk, SonarQube, or OWASP Dependency-Check).

• Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and securing containerized applications.

• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation and security tasks.

• Strong understanding of DoD cybersecurity standards, including STIG compliance, RMF, and vulnerability management tools.

• Experience with mobile app development workflows, including tools like Xcode and Android Studio.

• Excellent problem-solving skills and attention to detail.
• Active Secret Clearance required.

Preferred Qualifications:

• Certifications such as AWS Certified Security Specialty, Certified Kubernetes Security Specialist (CKS), or CISSP.
• Experience with React Native workflow.

• Experience with mobile app testing frameworks and integrating security tests (e.g., Appium, Espresso, XCTest).

• Familiarity with secure logging, monitoring, and alerting tools (e.g., Splunk, ELK Stack, Datadog).

• Prior experience with DoD or government projects.

• Knowledge of Agile methodologies and tools like Jira or Rally.