DevSecOps Engineer

Chaosindustries | 5h ago
United States | Onsite | $1 | Full-time
  • CHAOS Industries is redefining modern defense with a multi-product portfolio that gives the ultimate advantage—domain dominance. The company's products are powered by Coherent Distributed Networks (CDN™), empowering warfighters, commercial air operators, and border protection teams to act faster, adapt rapidly, and stay ahead of evolving threats.
  • CHAOS Industries was founded in 2022 and has raised a total of $1 billion in funding from leading investors, including 8VC, Accel, and Valor Equity Partners. The company is headquartered in Los Angeles, with offices in Washington, D.C., San Francisco, San Diego, Seattle, and London. For more information, please visit www.chaosinc.com.

Role Overview

  • Chaos Industries is hiring a DevSecOps Engineer to embed security into every layer of our software development and infrastructure delivery lifecycle. This is a broad, hands-on engineering role: you’ll own CI/CD pipeline security, automate compliance and vulnerability checks, harden cloud and on-premise environments, and partner with development and operations teams to make “secure by default” a reality, not a checkbox. You’ll work across classified and unclassified environments, applying the same engineering rigor to security that our developers apply to product - fast, repeatable, and built to scale.
  • You’ll sit at the intersection of the Engineering and Cybersecurity divisions, collaborating daily with software engineers, cloud architects, ISSMs, and platform teams to keep the development pipeline moving without compromising the security posture. You’re not a gatekeeper; you’re an accelerant who happens to care deeply about what gets through.
  • From day one you’ll own the security toolchain integrated into our CI/CD pipelines, lead the shift-left security initiative across active development programs, and drive the automation of compliance controls that today require manual effort. Your work directly reduces risk, accelerates delivery, and makes the whole team faster.

Responsibilities

  • Design, implement, and maintain secure CI/CD pipelines integrating automated security scanning tools (SAST, DAST, SCA, secrets detection) across development workflows using GitHub Actions, GitLab CI, Jenkins, or equivalent.
  • Automate security and compliance controls including STIG/SRG validation, vulnerability scanning (ACAS/Nessus), and policy-as-code enforcement (OPA, Conftest) within pipeline and infrastructure workflows.
  • Collaborate with software engineers to identify, triage, and remediate application security vulnerabilities; champion secure coding practices, threat modeling, and developer security training across engineering teams.
  • Build and manage container security posture including image hardening, runtime protection, Kubernetes security configurations (RBAC, Pod Security Admission, network policies), and registry scanning.
  • Design and maintain infrastructure-as-code (Terraform, CloudFormation, Ansible) with integrated security controls; enforce least-privilege, secrets management (Secrets Manager), and configuration compliance.
  • Support RMF/ATO activities by automating evidence collection, generating compliance reports, and maintaining continuous monitoring artifacts for cloud and on-premise systems operating within classified or CUI environments.
  • Monitor security tooling telemetry, pipeline health dashboards, and vulnerability metrics; produce trend reports and actionable remediation backlogs for engineering and security leadership.
  • Coordinate with ISSM/ISSO teams and system administrators to ensure DevSecOps practices align with authorization boundary requirements, CMMC Level 2/3 controls, and DFARS obligations.
  • Evaluate and introduce new DevSecOps tooling, frameworks, and practices; build internal documentation, runbooks, and playbooks to operationalize security automation across teams.
  • Travel up to 15% CONUS to support program site integrations, government customer engagements, and security architecture reviews.

Minimum Requirements

  • Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical field. Equivalent experience considered.
  • 4–7 years of experience in DevOps, software engineering, or cybersecurity, with demonstrated hands-on experience integrating security tooling into CI/CD pipelines and cloud environments.
  • Proficiency in at least one scripting or programming language (Python, Bash, Go, or equivalent) used to build automation, security tooling integrations, or infrastructure-as-code.
  • Hands-on experience with container technologies (Docker, Kubernetes) including security hardening, image scanning, and runtime protection in a production environment.
  • Working knowledge of cloud security on AWS GovCloud or Azure Government including IAM, network security groups, security monitoring services, and secrets management.
  • Familiarity with SAST, DAST, and SCA tooling (SonarQube, Checkmarx, Snyk, OWASP ZAP, Black Duck, or equivalent) and their integration into automated pipelines.
  • Active Secret clearance required at time of hire. TS/SCI eligibility preferred.

Preferred Requirements

  • Active TS clearance.
  • Experience supporting NIST RMF ATO processes for software systems or cloud environments, including automated evidence collection and continuous monitoring workflows.
  • Familiarity with CMMC Level 2/3 practices, DFARS 252.204-7012, and their application to software development and CI/CD pipeline security controls.
  • Experience with GitOps workflows and policy-as-code frameworks (OPA/Gatekeeper, Kyverno, Conftest) for automated governance enforcement.
  • Knowledge of software supply chain security practices: SBOM generation, artifact signing (Sigstore/Cosign), and dependency provenance tracking.
  • Experience operating in classified or air-gapped environments with disconnected CI/CD toolchains and offline artifact repositories.
  • Relevant certifications: Security+, AWS Security Specialty, or equivalent.

Why CHAOS?

  • Health Benefits: Medical, dental, and vision benefits 100% paid for by the company
  • Additional benefits: 401k (+ 50% company match up to 6% of pay), FSA, HSA, life insurance, and more
  • Our Perks: Free daily lunch, ‘No meeting Fridays’, unlimited PTO, casual dress code
  • Compensation Components: Competitive base salaries, generous pre-IPO stock option grants, relocation assistance, and (coming soon!) annual bonuses
  • Team Growth: 250 employees and counting across 5 global offices
  • The stated compensation range reflects only the targeted base compensation range and excludes additional earnings such as bonus, equity, and benefits. If your compensation requirements fall outside of the range, we still encourage you to apply. The salary range for this role is an estimate based on a range of compensation factors, inclusive of base salary only. Actual salary offer may vary based on (but not limited to) work experience, education and/or training, critical skills, and/or business considerations.
  • Recruiting Agencies: CHAOS Industries does not accept unsolicited resumes or outreach. Unsolicited submissions will not be reviewed or compensated.

Required skills

CI/CD, GitHub Actions, GitLab CI, Jenkins, SAST, DAST, SCA, Nessus, Terraform, CloudFormation, Ansible, Kubernetes, Secrets Management, Policy as Code
Posted on JobRush — the end-to-end AI job-search platform.