ForgeApply · Job listing
SecDevOps Engineer (Mid-Level 3)
Knox-systems
Apply in about a minute — without sacrificing quality.
ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.
About this role
About Knox
Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance.
Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail.
THE ROLE
The SecDevOps Engineer designs, automates, and maintains Knox’s secure cloud infrastructure and CI/CD pipelines across AWS, Azure, and GCP within our FedRAMP-authorized, multi-tenant boundaries. Day-to-day, the work centers on Zero Trust access, continuous monitoring, cloud security posture, and observability — keeping secure, compliant, and repeatable operations running across federal cloud environments.
The ideal candidate combines hands-on cloud architecture experience, automation expertise, and a deep security-operations mindset. This role bridges the gap between core cloud engineering and rigorous federal compliance, embedding security controls directly into the deployment fabric using Infrastructure as Code (IaC) and Policy-as-Code frameworks.
ROLE FOCUS & TECHNICAL MATRIX
Zero Trust & Identity - Zscaler (ZPA / PRA), HashiCorp Vault, Okta, Azure AD / Entra ID, AWS IAM Identity Center
Infrastructure as Code - Terraform (Primary), Ansible, CloudFormation, GitOps (ArgoCD / Helm)
Security & Compliance- FedRAMP (IL4 boundaries), NIST 800-53, Wiz, Qualys, CrowdStrike,
OPA, HashiCorp Sentinel
Observability & Ops- Grafana, Prometheus, CloudWatch, PagerDuty, ServiceNow (CAB / eCAB)
KEY RESPONSIBILITIES
ZERO TRUST & ACCESS MANAGEMENT
● Support and operate Zero Trust Network Access (Zscaler ZPA / PRA) architectures including app connectors, privileged remote access, and private application access boundaries.
● Manage privileged credentials, API tokens, and secrets lifecycle using HashiCorp Vault, establishing automated credential flows and programmatic rotation.
● Integrate and maintain federated identity providers (Okta, Azure AD / Entra ID, AWS IAM Identity Center) and actively support ongoing multi-cloud identity migrations.
● Enforce strict least-privilege access models and machine-to-machine credential rotation policies across all automation systems.
CLOUD INFRASTRUCTURE & SECURE AUTOMATION
● Build and manage multi-tenant infrastructure across AWS, Azure, and GCP using Infrastructure as Code (Terraform primary; Ansible and CloudFormation as needed).
● Automate end-to-end provisioning, configuration management, and environment deployment workflows via secure CI/CD and GitOps paradigms.
● Manage cloud networking, IAM topologies, and security group configurations tailored strictly to FedRAMP controls and Impact Level 4 (IL4) boundaries.
CI/CD, POLICY-AS-CODE & CONTAINER SECURITY
● Develop and maintain secure CI/CD pipelines utilizing GitHub Actions, GitLab CI, Azure DevOps, or Jenkins.
● Integrate Policy-as-Code frameworks (OPA, HashiCorp Sentinel, or Azure Policy) into pipeline gates to enforce organizational compliance before infrastructure provisioning.
● Embed automated static application security testing (SAST), software composition analysis (SCA), and container vulnerability scans into active deployment workflows.
● Build, deploy, and troubleshoot containerized workloads within managed Kubernetes environments (EKS, AKS, GKE) using Helm, ArgoCD, or Kustomize.
CONTINUOUS MONITORING, VULNERABILITY & COMPLIANCE
● Support FedRAMP Continuous Monitoring (ConMon) cycles, managing incident tickets, Plan of Action and Milestones (POA&M) tracking, and technical remediation follow-through.
● Maintain IaC, pipeline architectures, and operating configurations compliant with FedRAMP and NIST 800-53 standards.
● Automate programmatic audit evidence generation for specific control requirements, including CM-2 (Baseline Configurations), CM-6 (Configuration Settings), AU-2 (Event Logging), and SC-12 (Cryptographic Key Establishment and Management).
● Participate in formal enterprise change management processes via ServiceNow, preparing documentation for Technical Change Reviews and Change Advisory Board (CAB/eCAB) workflows.
OBSERVABILITY & INCIDENT RELIABILITY
● Deploy and maintain centralized dashboards, alert definitions, log aggregation, and metrics/APM architectures using Grafana, Prometheus, or cloud-native tooling.
● Define, track, and report on Service Level Indicators (SLIs) and Service Level Objectives (SLOs) for critical secure services.
● Participate in the team's operational on-call rotation (PagerDuty), driving rapid incident resolution, root-cause analyses, and P1 war room execution.
QUALIFICATIONS
REQUIRED EXPERIENCE & SKILLS
● Experience: 3–5 years of dedicated professional experience in SecDevOps, Cloud Security Engineering, DevOps, or Platform Engineering.
● Cloud Infrastructure: Hands-on production experience with at least one major hyperscaler (AWS preferred), with functional exposure to Azure and/or GCP environments.
● Automation & Scripting: High proficiency in Terraform and robust scripting capabilities (Python, Bash, or PowerShell); familiarity with Ansible is preferred.
● Identity & Secrets: Practical experience managing enterprise identity/access tooling (Okta, Entra ID) and secrets management platforms (HashiCorp Vault, AWS KMS, or Azure Key Vault).
● Security Tooling: Familiarity operating endpoint protection (EDR), cloud security postu
Ready to apply to Knox-systems?
Apply in about a minuteSimilar jobs
- SecDevOps Engineer — Accenturefederalservices · Chantilly, VA
- DevSecOps Engineer III — Kapitus · Remote
- DevOps Engineer III — Zoominfo · Waltham, Massachusetts, United States
- DevOps Engineer III — Zone5technologies · United States
- Mid Level DevOps Engineer — Freedomconsulting · Annapolis Junction, MD
- DevSecOps Engineer — Chaosindustries · El Segundo, California, United States
- DevSecOps Engineer — Bpcs · Camp Springs, MD
- DevSecOps Engineer — Ardentmc · Washington, D.C. Metro
More like this: DevOps & SRE Jobs · DevOps & SRE Jobs in Washington DC · Browse all jobs