Modern Technology Solutions, Inc. (MTSI) is seeking a Platform Security & DevSecOps Engineer to support their infrastructure Information Technology team. The role involves embedding security and compliance into the Development Platform and Software Development Lifecycle (SDLC), ensuring that engineering teams can deliver high-quality, compliant solutions efficiently.
Responsibilities:
- Partner with the Platform Architect and DevSecOps Engineers to design and maintain a secure Development Platform and SDLC for developing AI/ML, M&S, and other software solutions
- Define, implement, and maintain security controls within CI/CD pipelines, including SAST, DAST, SCA, container image scanning, secrets detection, and policy gates
- Develop and maintain compliance-as-code and policy-as-code libraries that encode NIST, FIA, RMF, CMMC, IMSA, SSDF, and customer requirements directly into SDLC tooling and CI/CD pipelines
- Work with DevSecOps Engineers to embed these policies into reusable pipeline templates so engineering teams automatically inherit security guardrails when they build and deploy solutions
- Design and implement mechanisms to produce automated, machine-readable evidence bundles with every pipeline run, supporting audits and ATO/cATO packages with minimal manual effort
- Configure and harden security-relevant tooling within the Development Platform, including GitLab, artifact repositories, code quality tools, container registries, remote development environments, and secrets management solutions
- Conduct security design reviews, threat modeling, and risk assessments for platform changes and key workloads, and document recommended mitigations
- Collaborate with Cybersecurity SMEs to map technical controls to formal security requirements, validate their effectiveness, and support accreditation activities
- Monitor and improve the security posture of the Development Platform, including vulnerability management, configuration baselines, security patching, and secure defaults for new projects
- Provide guidance and training to engineering teams on secure coding, secure use of CI/CD, secrets management, and platform security best practices
- Assist with the secure integration and governance of AI-assisted development tools and workflows, ensuring they operate within approved guardrails and data protection requirements
Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Computer Engineering, or related field with 5 years of experience
- Must have an Active DoD Secret clearance with the ability to obtain and maintain a Top Secret clearance; US citizenship required
- 5+ years of combined professional experience in DevSecOps, Application Security, Cloud Security, Platform Engineering, or related roles
- Hands-on experience securing modern DevSecOps toolchains and CI/CD pipelines, preferably with GitLab and GitLab CI
- Strong understanding of secure SDLC practices and how to embed them into automated workflows and tooling used by engineering teams
- Experience implementing and tuning security scanning tools such as SAST, DAST, SCA, container image scanning, and secrets detection
- Experience developing or maintaining policy-as-code and compliance-as-code solutions that drive pipeline behavior and guardrails for product teams (for example, using OPA, Kyverno, or similar approaches)
- Experience with automation standards and tooling such as OSCAL (or similar) to express controls and evidence in machine-readable form and integrate them into CI/CD and SDLC workflows
- Hands-on experience with containerization and Kubernetes security, including RBAC, network policies, secrets management, image provenance, and use of trusted registries
- Experience with Infrastructure as Code tools such as Terraform, Ansible, or similar, and securing IaC patterns for cloud and on-premises environments
- Practical experience with Microsoft Azure cloud services (Azure Government preferred), including identity, network security, storage, and workload protection
- Experience with security and compliance frameworks such as NIST, RMF, FIA, CMMC, IMSA, and SSDF, and how they map to technical controls in the SDLC
- Proficiency in at least one programming or scripting language such as Python, Go, or a similar language used to build security automation and integrations
- Demonstrated ability to collaborate with software, cloud, and cybersecurity teams and to clearly explain security risks and tradeoffs to technical and non-technical stakeholders