DevSecOps Engineer
Department: Information Technology
Employment Type: Full Time
Location: Redondo Beach
Compensation: $125,000 - $175,000 / year
Description
We're looking for a DevSecOps Engineer to secure and optimize the entire development lifecycle from code commit to deployment, while embedding security, compliance, and automation into every step. You'll work across engineering, IT, and compliance teams to ensure our CI/CD pipelines, infrastructure, firmware, and sensitive systems meet stringent aerospace and defense security requirements including CMMC, NIST 800-171, NIST 800-53, and ITAR.
This role blends traditional DevSecOps responsibilities with hands-on support for firmware build pipelines, Linux kernel security, and the secure provisioning of embedded systems.
Responsibilities
Design, implement, and maintain secure CI/CD pipelines using GitLab and related tools for both software and infrastructure delivery
Build and manage Infrastructure as Code (IaC) deployments using Terraform and similar tools to support compliant hybrid-cloud environments
Integrate static code analysis, vulnerability scanning, SBOM generation, and container hardening into developer workflows
Support secure builds, testing, and signing processes for firmware, low-level software, and embedded targets
Work directly with engineering teams to harden Linux kernel configurations, modules, and embedded OS environments
Secure infrastructure and applications across AWS GovCloud, on-prem, and air-gapped environments, including cross-domain data movement with audit trails
Collaborate with infosec and compliance teams to operationalize controls from CMMC, NIST 800-171, NIST 800-53, and ITAR
Contribute to audit prep, documentation, and artifact generation for assessments (e.g. C3PAO, DIBCAC, customer security reviews)
Write tooling and automations in Python, Bash, Go, or C-family languages to support secure builds, deployments, and infrastructure telemetry
Maintain secure artifact registries, firmware repositories, and access-controlled build environments
Lead initiatives in secret management, identity-aware infrastructure, and automated policy enforcement
Educate developers and engineers on secure coding, pipeline hygiene, and compliance-as-code principles
Minimum Qualifications
5+ years of experience in DevSecOps, DevOps, or infrastructure automation roles in production environments
Demonstrated experience with GitLab CI/CD, Terraform, Python, and at least one C-family language (C, C++, Rust), or Linux systems and container orchestration (Kubernetes, Docker)
Hands-on experience with firmware development workflows, embedded toolchains, or build environments for microcontrollers, FPGAs, or real-time OS
Experience with Linux kernel configuration, hardening, or custom kernel module integration
Demonstrated experience supporting or implementing CMMC, NIST 800-171, NIST 800-53, or ITAR requirements
Experience with security controls for software supply chains, including software provenance, SBOMs, and tamper detection
Preferred Skills and Experience
Ability to work hands-on and independently while collaborating across multidisciplinary teams
Experience working in aerospace, defense, or other regulated, safety-critical environments
Familiarity with:
Air-gapped or enclave deployments
GitLab Ultimate or self-hosted runner architectures
Secure boot, UEFI, TPM, or hardware root-of-trust
Yocto, Buildroot, or real-time and embedded Linux build systems
Contributions to open-source security or infrastructure projects
Clearance eligibility or active DoD security clearance
Additional Information:
Compensation bands are determined by role, level, location, and alignment with market data. Individual level and base pay are determined on a case-by-case basis and may vary based on job-related skills, education, experience, technical capabilities and internal equity. In addition to base salary, for full-time hires, you may also be eligible for long-term incentives, in the form of stock options, and access to medical, vision & dental coverage as well as access to a 401(k) retirement plan.
To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State.
Impulse Space is an Equal Opportunity Employer; employment with Impulse Space is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.