DevSecOps Engineer (cleared)

Company Description

iMETALX, Inc. is creating a future where space is accessible and sustainable for all. We provide Space Domain Awareness (SDA) and In-Space Servicing, Assembly and Manufacturing (ISAM) solutions for government and commercial customers. Our work spans spacecraft autonomy (world view, perception, and controls) as well as testing and deploying software on real systems.

We're a small, high-impact engineering team building cross-domain autonomy software that leverages state-of-the-art computer vision, machine learning, simulation, and robust flight/edge deployment practices. This role is a chance to build the secure delivery backbone for systems that matter - from R&D prototypes to operational deployments supporting national security and space missions.

Role Overview

We're seeking a DevSecOps Engineer (Cleared) who can own and evolve the security and deployment foundation of our software organization.

You will design and maintain secure CI/CD pipelines, harden development and build systems, manage infrastructure-as-code, and ensure our engineering workflows are compatible with the realities of government environments: auditability, traceability, secure enclaves, and controlled access.

This is not a "checkbox compliance" role. We want someone who can balance security, reliability, and speed, and who can help us scale from "fast startup engineering" to "defensible, compliant engineering" without killing momentum.

What You'll Do

Secure CI/CD + Developer Enablement

Build and maintain CI/CD pipelines that integrate security from the start (SAST/DAST, dependency scanning, container scanning).

Implement secure build practices: artifact signing, SBOM generation, vulnerability gating, and reproducible builds.

Improve engineer experience through fast feedback loops and self-service tooling. Secure Infrastructure + Environments

Design and maintain cloud and on-prem / gov-enclave infrastructure, using Infrastructure as Code (Terraform preferred).

Create hardened baseline environments for dev/stage/prod with least-privilege defaults and strong identity boundaries.

Support deployments across constrained environments (e.g., air-gapped networks, restricted endpoints, controlled egress). Compliance + ATO/SSP Readiness (DoD reality)

Implement engineering controls and evidence collection aligned with:

NIST 800-53 / RMF

CUI handling requirements

Secure configuration baselines and continuous monitoring

Own the technical implementation for audit readiness: logging, access control, traceability, configuration drift detection. Containers, Kubernetes, and Deployment Security

Secure container workflows:

base image hardening

admission controls

secrets management

runtime monitoring

Maintain Docker + orchestration tooling (Kubernetes nice-to-have; not required). Security Operations & Incident Response Support

Improve observability: centralized logging, metrics, alerting, and security telemetry.

Help define and execute procedures around incident response, vulnerability management, and patch cycles.

iMETALX does not have SCIF space onsite, so expect to travel 10-20% of your time in the first year to support deployment with customers.

Requirements

Required Qualifications

Active U.S. TS Security Clearance

U.S. citizenship is required due to ITAR export-control restrictions.

4+ years of experience in a DevOps/DevSecOps/Platform Engineer or related role, with a focus on security practices.

Expertise with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI) and their integration with security practices.

Experience with Linux Environments, containerization, and scripting/automation (Python, Bash)

Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, OWASP).

Experience with vulnerability assessments, penetration testing, and remediation techniques.

Ability to work collaboratively in a fast-paced environment and quickly adapt to changing requirements.

Preferred Qualifications

Experience with agile methodologies and project management tools (e.g., JIRA, Trello).

Familiarity with networking concepts and security measures in cloud environments.

Certifications such as CISSP, CISM, or AWS Certified Security Specialty are a plus.

Benefits

Competitive Salary

Health Insurance/Dental

Paid Time Off

401k

Performance Bonus

Equity