CACI bv is a company focused on supporting the Department of Defense and Air Force with innovative cloud native solutions. They are seeking a Senior DevSecOps Cyber Engineer to be part of an agile development team that builds DevSecOps and Cyber solutions, ensuring compliance with security directives and enhancing identity management systems.
Responsibilities:
- Responsible for researching, designing, developing, testing and supporting new systems, applications, and solutions for enterprise-wide cyber systems and networks via the Platform One ecosystem
- Applies computer science and other cyber physical engineering disciplines to the design, development, integration, and support of new solutions or products that identify, exploit, protect against, or mitigate cyber security vulnerabilities within the Platform One ecosystem and the greater Dept of Air Force
- Integrates new architectural features into existing infrastructures, designs cyber security architectural artifacts, provides architectural analysis of cyber security features, relates existing system to future needs and trends, provides engineering recommendations, and resolves integration and testing issues
- Develop and manage Keycloak Identity Management solutions for Platform One
- Maintain and enhance custom Keycloak realms, themes, and identity flows (OIDC, OAuth2, SAML)
- Support ICAM initiatives including the migration from Keycloak to Okta
- Design and deploy identity-focused Kubernetes-native solutions
- Build and maintain CI/CD pipelines, automated test frameworks, and secure production deployments
- Ensure compliance with DoD and DAF directives (e.g., STIGs, RMF, ATO)
- Provide operational support including incident response and tiered ticket troubleshooting
- Support RBAC/ABAC implementation and ICAM Federation compliance requirements
Requirements:
- 7+ years Development & DevSecOps experience w/ Bachelors or additional relevant experience
- US Citizenship & Eligibility to obtain a US Secret Clearance
- 2+ years experience with Keycloak, including realm configuration, protocol integrations (OIDC/SAML), and custom theming
- 3–5 years of Java development experience, ideally from a software engineering background
- 2–5 years experience with scripting and automation using Python, Bash, or similar
- 3–5 years experience designing and deploying Kubernetes-based solutions
- Experience with CI/CD pipelines, containerization, and secure DevSecOps practices
- Strong familiarity with DoD compliance requirements, such as ATO, STIGs, FedRAMP
- Experience with CAC authentication, PIV tokens, and client-side PKI certificate handling
- Experience working in AWS environments (CLI and SDK)
- Familiarity with IDAM or DoD ICAM Federation Framework and DAFMAN17-1304 compliance
- Okta experience is a strong plus (especially Federation Practice Statement development and migration from Keycloak)
- Experience with ATO/accreditation processes
- Familiarity with scanning and compliance tools like RMF, ACAS, twistlock, PrismaCloud
- Proven ability to work across multi-tenant identity services, supporting thousands of users and integrating with microservices
- Current Secret Security Clearance