Role summary
A DevSecOps Engineer is needed in Reston, VA, to enhance software delivery security and quality across the enterprise. This role involves integrating security, quality, compliance, and software supply-chain controls into CI/CD workflows using tools like Azure DevOps, Nexus, SonarQube, and Kubernetes. The engineer will partner with development, cybersecurity, and platform teams to troubleshoot pipeline issues, implement security checks (SAST, SCA, etc.), and establish secure deployment standards. Experience with scripting, technical documentation, and compliance frameworks like NIST and CMMC is required. This is an engineering-focused position, not a governance role.
About Metron
Metron is an employee-owned company dedicated to delivering innovative solutions for the most challenging national security problems. For over 40 years, our principled approach to problem-solving has yielded creative solutions at the intersection of advanced mathematics, computer science, physics, and engineering. Our people are leaders in their technical fields and are passionate about solving challenging problems. We look for individuals who share this same passion and can apply their experience in real-world settings.
Job Description:
Our Reston, VA office is seeking a DevSecOps Engineer to help secure and improve software delivery across the enterprise. This role focuses on embedding security, quality, compliance, and software supply-chain controls into CI/CD workflows while partnering with software development, cybersecurity, platform engineering, systems engineering, and program teams.
This is an engineering role, not a pure governance or vulnerability-management position. The DevSecOps Engineer will work across Azure DevOps Server, Nexus, SonarQube, Kubernetes/K3s deployment workflows, artifact controls, and secure release patterns to help teams deliver software securely and reliably.
Occasional after-hours/weekend maintenance and emergency response may be required.
Key Responsibilities:
Secure CI/CD & Release Workflows
Design, implement, and improve secure CI/CD patterns in Azure DevOps, including reusable YAML templates, quality gates, artifact controls, and release safeguards
Support secure release workflows across development, test, integration, staging, and production environments
Troubleshoot pipeline failures, permissions issues, dependency problems, scan failures, and release blockers
Software Supply Chain & Security Controls
Integrate security and quality checks into build and release workflows, including SAST, SCA, dependency scanning, secrets scanning, code-quality gates, container scanning, and artifact validation
Support tools such as Nexus, SonarQube, Azure DevOps artifacts, and related code-quality or artifact-management platforms
Partner with cybersecurity to align CI/CD controls with SSP, RMF, NIST, CMMC, STIG, Zero Trust, audit, and program requirements
Kubernetes Guardrails & Developer Enablement
Partner with platform engineering on secure Kubernetes/K3s deployment standards, including namespaces, RBAC, ServiceAccounts, Helm, ingress, TLS, storage, quotas, and workload security
Create documentation, examples, runbooks, and onboarding materials for secure pipeline and deployment workflows
Track recurring developer pain points, pipeline health, scan outcomes, release blockers, and control gaps; turn findings into automation, templates, documentation, or improved guardrails
Required Qualifications:
5+ years of experience in DevOps, DevSecOps, platform engineering, software delivery, systems engineering, or a closely related technical role
Hands-on experience with Azure DevOps pipelines, YAML, build/release workflows, repositories, artifacts, permissions, or agent-based builds
Experience implementing security, quality, or compliance controls in CI/CD workflows
Experience with secure software delivery practices such as SAST, SCA, dependency scanning, secrets handling, code-quality gates, artifact controls, or container scanning
Experience troubleshooting CI/CD failures, build issues, deployment problems, permissions issues, or dependency-related errors
Experience with Kubernetes, K3s, containers, Helm, or similar deployment technologies
Experience with scripting or automation using PowerShell, Bash, Python, or similar languages
Ability to write clear technical documentation, runbooks, onboarding guides, and troubleshooting procedures
Eligible to obtain and maintain a U.S. security clearance
Willing and able to work in regulated, secure, or compliance-bounded environments
Preferred Qualifications:
Active U.S. security clearance
Experience with Azure DevOps Server
Experience integrating or administering Nexus, SonarQube, or similar artifact and code-quality platforms
Experience with SBOM generation, SCA, container scanning, artifact signing, provenance, or software supply-chain security
Experience with policy-as-code, OPA/Gatekeeper, Kubernetes admission controls, or secure workload policies
Experience with Infrastructure-as-Code or Configuration-as-Code practices using Terraform, Ansible, Bicep, CloudFormation, or similar tools
Experience with Prometheus, Grafana, Loki, or similar observability platforms
Experience in defense contracting, government programs, CMMC, NIST 800-171, RMF, STIGs, or other compliance-driven environments
Position Location: Reston, VA (the selected individual will be expected to work onsite in the Reston, VA office)
Perks and Benefits
Medical, Dental and Vision Insurance
Accompanying FSA and HSA options
Additional Voluntary Benefits
Paid Time Off
9 Observed Holidays and 2 Floating Holidays
Paid Parental Leave
Military Leave
Tuition Reimbursement
Professional Development Reimbursement
Annual Salary Reviews
Profit Sharing
401(k) Traditional and Roth Options
Gym and Fitness Reimbursement
Employee Assistance Program
Employee Referral Program
Metron is an Equal Employment Opportunity (EEO) employer. It is the policy of the company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
VEVRAA Federal Contractor