
DevSecOps Engineer

CHAOS Industries
El Segundo · 1d ago

About the role

<p>CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage—domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators, and border protection teams to act faster, adapt rapidly, and stay ahead of evolving threats.</p>
<p>CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel, and Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington, D.C., San Francisco, San Diego, Seattle, and London. For more information, please visit <a href="https://www.chaosinc.com">www.chaosinc.com</a>.</p>
<p><strong>Role Overview:</strong></p>
<p>Chaos Industries is hiring a DevSecOps Engineer to embed security into every layer of our software development and infrastructure delivery lifecycle. This is a broad, hands-on engineering role; you’ll own CI/CD pipeline security, automate compliance and vulnerability checks, harden cloud and on-premise environments, and partner with development and operations teams to make “secure by default” a reality, not a checkbox. You’ll work across classified and unclassified environments, applying the same engineering rigor to security that our developers apply to product - fast, repeatable, and built to scale.</p>
<ul>
<li>You’ll sit at the intersection of the Engineering and Cybersecurity divisions; collaborating daily with software engineers, cloud architects, ISSMs, and platform teams to keep the development pipeline moving without compromising the security posture. You’re not a gatekeeper; you’re an accelerant who happens to care deeply about what gets through.</li>
<li>From day one you’ll own the security toolchain integrated into our CI/CD pipelines, lead the shift-left security initiative across active development programs, and drive the automation of compliance controls that today require manual effort. Your work directly reduces risk, accelerates delivery, and makes the whole team faster.</li>
</ul>
<p><strong>Responsibilities:</strong></p>
<ul>
<li>Design, implement, and maintain secure CI/CD pipelines integrating automated security scanning tools (SAST, DAST, SCA, secrets detection) across development workflows using GitHub Actions, GitLab CI, Jenkins, or equivalent.</li>
<li>Automate security and compliance controls including STIG/SRG validation, vulnerability scanning (ACAS/Nessus), and policy-as-code enforcement (OPA, Conftest) within pipeline and infrastructure workflows.</li>
<li>Collaborate with software engineers to identify, triage, and remediate application security vulnerabilities; champion secure coding practices, threat modeling, and developer security training across engineering teams.</li>
<li>Build and manage container security posture including image hardening, runtime protection, Kubernetes security configurations (RBAC, Pod Security Admission, network policies), and registry scanning.</li>
<li>Design and maintain infrastructure-as-code (Terraform, CloudFormation, Ansible) with integrated security controls; enforce least-privilege, secrets management (Secrets Manager), and configuration compliance.</li>
<li>Support RMF/ATO activities by automating evidence collection, generating compliance reports, and maintaining continuous monitoring artifacts for cloud and on-premise systems operating within classified or CUI environments.</li>
<li>Monitor security tooling telemetry, pipeline health dashboards, and vulnerability metrics; produce trend reports and actionable remediation backlogs for engineering and security leadership.</li>
<li>Coordinate with ISSM/ISSO teams and system administrators to ensure DevSecOps practices align with authorization boundary requirements, CMMC Level 2/3 controls, and DFARS obligations.</li>
<li>Evaluate and introduce new DevSecOps tooling, frameworks, and practices; build internal documentation, runbooks, and playbooks to operationalize security automation across teams.</li>
<li>Travel up to 15% CONUS to support program site integrations, government customer engagements, and security architecture reviews.</li>
</ul>
<p><strong>Minimum Requirements:</strong></p>
<ul>
<li>Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical field. Equivalent experience considered.</li>
<li>4–7 years of experience in DevOps, software engineering, or cybersecurity, with demonstrated hands-on experience integrating security tooling into CI/CD pipelines and cloud environments.</li>
<li>Proficiency in at least one scripting or programming language (Python, Bash, Go, or equivalent) used to build automation, security tooling integrations, or infrastructure-as-code.</li>
<li>Hands-on experience with container technologies (Docker, Kubernetes) including security hardening, image scanning, and runtime protection in a production environment.</li>
<li>Working knowledge of cloud security on AWS GovCloud or Azure Government including IAM, network security groups, security monitoring services, and secrets management.</li>
<li>Familiarity with SAST, DAST, and SCA tooling (SonarQube, Checkmarx, Snyk, OWASP ZAP, Black Duck, or equivalent) and their integration into automated pipelines.</li>
<li>Active Secret clearance required at time of hire. TS/SCI eligibility preferred.</li>
</ul>
<p><strong>Preferred Requirements:</strong></p>
<ul>
<li>Active TS clearance.</li>
<li>Experience supporting NIST RMF ATO processes for software systems or cloud environments, including automated evidence collection and continuous monitoring workflows.</li>
<li>Familiarity with CMMC Level 2/3 practices, DFARS 252.204-7012, and their application to software development and CI/CD pipeline security controls.</li>
<li>Experience with GitOps workflows and policy-as-code frameworks (OPA/Gatekeeper, Kyverno, Conftest) for automated governance enforcement.</li>
<li>Knowledge of software supply chain security practices: SBOM generation, artifact signing (Sigstore/Cosign), and dependency provenance tracking.</li>
<li>Experience operating in classified or air-gapped environments with disconnected CI/CD toolchains and offline artifact repositories.</li>
<li>Relevant certifications: Security+, AWS Security Specialty, or equivalent.</li>
</ul>
<p><strong>Why CHAOS?</strong></p>
<ul>
<li><strong>Health Benefits: </strong>Medical, dental, and vision benefits 100% paid for by the company</li>
<li><strong>Additional benefits</strong>: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more</li>
<li><strong>Our Perks: </strong>Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code</li>
<li><strong>Compensation Components:</strong> Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses</li>
<li><strong>Team Growth: </strong>250 employees and counting across 5 global offices</li>
</ul>
<div><em><strong>Salary Range: $110,000 - $160,000</strong></em></div>
<p><em>The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations.</em></p>
<hr>
<h3>Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.</h3>
<hr>
<p><em>#LI-onsite</em></p>

Perks & benefits

  • 401k
  • Vision Insurance
  • Unlimited Vacation
  • Paid Time Off
  • Pension Matching
  • Equity Compensation
