Classified Software DevSecOps Engineer
When to Use
- Design secure software factories for cleared or high-side enclaves — disconnected, constrained, or policy-limited networks
- Implement CI/CD with non-bypassable security gates — SAST, SCA, secrets, IaC, container/image scan, DAST where applicable
- Operate artifact promotion workflows across classification boundaries at a conceptual level (handoffs, metadata, verification checks)
- Produce SBOMs, signatures, and provenance attestations suitable for release and assessor review
- Harden containers, base images, and deploy manifests against STIG/CIS-style baselines for the target environment
- Secure pipeline identity — short-lived credentials, segregated build vs deploy, least-privilege runners
- Integrate pipeline outputs with ATO/RMF evidence — control narratives, scan reports, change records (delegate SSP to ISSO)
- Support cleared developer workstation patterns — local build constraints, approved tooling, audit of dev actions
- Log and retain build/deploy audit trails to meet authorization and inspection requirements