DevSecOps Engineer (mobile applications)

Overview:

The Army Training Information System (ATIS) program seeks a skilled and motivated DevSecOps Engineer to support the secure development, deployment, and maintenance of a cutting-edge mobile application. The ideal candidate will have experience integrating security into DevOps pipelines, cloud-native architectures, and mobile application development. This role involves collaborating with cross-functional teams to implement security-focused practices that ensure the reliable and safe delivery of mobile application updates and features. 

• Secure CI/CD Pipeline Development: Design, implement, and maintain secure Continuous Integration/Continuous Deployment (CI/CD) pipelines for mobile applications. Integrate security tools for vulnerability scanning, static code analysis, and dependency management. 

• Automation: Automate build, testing, deployment, and security processes for mobile platforms (iOS and Android), ensuring fast, secure, and reliable releases. 

• Monitoring and Incident Response: Develop monitoring strategies and alerting mechanisms for mobile application performance and security. Support incident detection, response, and resolution for application and infrastructure vulnerabilities. 

• Cloud and Container Security: Deploy and manage mobile backend services in cloud environments with a focus on containerization and securing workloads using tools like Kubernetes, Docker, and cloud-native security solutions. 

• Compliance: Ensure mobile application builds and deployments meet DoD security standards, including RMF, STIGs, and other applicable frameworks. Conduct regular vulnerability assessments and manage remediation efforts. 

• Collaboration and Mentorship: Partner with development teams to incorporate DevSecOps practices, providing guidance on secure coding standards, source control, and branching strategies. Mentor team members on security best practices. 

• Infrastructure as Code (IaC): Use tools like AWS CloudFormation, SAM, and Terraform to automate the provisioning and security of infrastructure. 

• Documentation and Training: Develop and maintain comprehensive documentation for tools, configurations, and processes. Deliver training sessions to enhance team knowledge of DevSecOps practices. 

Required Qualifications: 

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience). 

• 3+ years of experience in DevSecOps, with a focus on mobile application development or cloud-native environments. 

• Expertise with CI/CD tools such as GitLab, GitHub with integrated security tools (e.g., Snyk, SonarQube, or OWASP Dependency-Check). 

• Experience with cloud platforms (e.g., AWS, Azure, Google Cloud) and securing containerized applications. 

• Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation and security tasks. 

• Strong understanding of DoD cybersecurity standards, including STIG compliance, RMF, and vulnerability management tools. 

• Experience with mobile app development workflows, including tools like Xcode, Android Studio, and Fastlane. 

• Excellent problem-solving skills and attention to detail. 

Preferred Qualifications: 

• Certifications such as AWS Certified Security Specialty, Certified Kubernetes Security Specialist (CKS), or CISSP. 

• Experience with mobile app testing frameworks and integrating security tests (e.g., Appium, Espresso, XCTest). 

• Familiarity with secure logging, monitoring, and alerting tools (e.g., Splunk, ELK Stack, Datadog). 

• Prior experience with DoD or government projects. 

• Knowledge of Agile methodologies and tools like Jira or Rally.