DevSecOps Engineer (cleared)

Location: Sausalito, California, United States

Department: Engineering

Workplace: on_site

Employment Type: full

Description

Company Description

iMETALX, Inc. is creating a future where space is accessible and sustainable for all. We provide Space Domain Awareness (SDA) and In-Space Servicing, Assembly and Manufacturing (ISAM) solutions for government and commercial customers. Our work spans spacecraft autonomy (world view, perception, and controls) as well as testing and deploying software on real systems.

We’re a small, high-impact engineering team building cross-domain autonomy software that leverages state-of-the-art computer vision, machine learning, simulation, and robust flight/edge deployment practices. This role is a chance to build the secure delivery backbone for systems that matter — from R&D prototypes to operational deployments supporting national security and space missions.

Role Overview

We’re seeking a DevSecOps Engineer (Cleared) who can own and evolve the security and deployment foundation of our software organization.

You will design and maintain secure CI/CD pipelines, harden development and build systems, manage infrastructure-as-code, and ensure our engineering workflows are compatible with the realities of government environments: auditability, traceability, secure enclaves, and controlled access.

This is not a “checkbox compliance” role. We want someone who can balance security, reliability, and speed, and who can help us scale from “fast startup engineering” to “defensible, compliant engineering” without killing momentum.

What You’ll Do

Secure CI/CD + Developer Enablement

• Build and maintain CI/CD pipelines that integrate security from the start (SAST/DAST, dependency scanning, container scanning).
• Implement secure build practices: artifact signing, SBOM generation, vulnerability gating, and reproducible builds.
• Improve engineer experience through fast feedback loops and self-service tooling.

Secure Infrastructure + Environments

• Design and maintain cloud and on-prem / gov-enclave infrastructure, using Infrastructure as Code (Terraform preferred).
• Create hardened baseline environments for dev/stage/prod with least-privilege defaults and strong identity boundaries.
• Support deployments across constrained environments (e.g., air-gapped networks, restricted endpoints, controlled egress).

Compliance + ATO/SSP Readiness (DoD reality)

• Implement engineering controls and evidence collection aligned with:
• NIST 800-53 / RMF
• CUI handling requirements
• Secure configuration baselines and continuous monitoring
• Own the technical implementation for audit readiness: logging, access control, traceability, configuration drift detection.

Containers, Kubernetes, and Deployment Security

• Secure container workflows:
• base image hardening
• admission controls
• secrets management
• runtime monitoring
• Maintain Docker + orchestration tooling (Kubernetes nice-to-have; not required).

Security Operations & Incident Response Support

• Improve observability: centralized logging, metrics, alerting, and security telemetry.
• Help define and execute procedures around incident response, vulnerability management, and patch cycles.
• iMETALX does not have SCIF space onsite, so expect to travel 10-20% of your time in the first year to support deployment with customers.

Requirements

Required Qualifications

• Active U.S. TS Security Clearance
• U.S. citizenship is required due to ITAR export-control restrictions.
• 4+ years of experience in a DevOps/DevSecOps/Platform Engineer or related role, with a focus on security practices.
• Expertise with CI/CD tools (e.g., Jenkins, GitLab CI, CircleCI) and their integration with security practices.
• Experience with Linux Environments, containerization, and scripting/automation (Python, Bash)
• Knowledge of security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
• Experience with vulnerability assessments, penetration testing, and remediation techniques.
• Ability to work collaboratively in a fast-paced environment and quickly adapt to changing requirements.

Preferred Qualifications

• Experience with agile methodologies and project management tools (e.g., JIRA, Trello).
• Familiarity with networking concepts and security measures in cloud environments.
• Certifications such as CISSP, CISM, or AWS Certified Security Specialty are a plus.

Benefits

• Competitive Salary
• Health Insurance/Dental
• Paid Time Off
• 401k
• Performance Bonus
• Equity