Senior Platform / DevSecOps + Security Engineer

Location: Remote
Employment Type: Full-Time (W-2)
Citizenship: U.S. Citizenship required

IntelliTech is seeking a Senior Platform / DevSecOps + Security Engineer to lead the infrastructure modernization, security hardening, authorization pathway, and production promotion of a Government-owned digital twin application deployed in an Army cloud environment. The application is a supply chain simulation platform built on Python, FastAPI, React, and MongoDB and currently operates as a monolithic Docker deployment. This role will help transition it into a production-grade, containerized, split-service architecture aligned to Army cloud platform requirements, DevSecOps delivery practices, and production promotion gates.

This is a hands-on role on a lean, senior team. The ideal candidate will architect deployment infrastructure, build CI/CD pipelines, harden the application for production, support authorization evidence development, and help lead promotion from development through production. This individual will work directly with Army platform teams, security stakeholders, and identity management teams to ensure the application is secure, scalable, supportable, and ready for operational use.

Key Responsibilities

Infrastructure and Deployment Architecture

• Transition the application from a single-host Docker deployment to a split-service containerized architecture using Amazon EKS, ECS, or another approved orchestration model.
• Design and implement multi-tier environment separation across development, test/staging, and production.
• Package frontend, backend API, and simulation worker services as independently deployable container artifacts.
• Implement infrastructure-as-code using Terraform, CloudFormation, or approved equivalents for repeatable provisioning and configuration management.
• Design the distributed execution model allowing simulation workers to scale independently from the API tier with bounded concurrency and isolation controls.
• Configure managed platform services for persistence, caching, object storage, secrets management, and observability.

CI/CD and Release Engineering

• Build and maintain CI/CD pipelines using approved toolchains such as GitLab CI, GitHub Actions, or government-provided platform tooling.
• Integrate automated build, test, container scanning, dependency scanning, SAST, and DAST into the delivery pipeline.
• Implement promotion workflows with quality and security gates for development-to-staging and staging-to-production transitions.
• Generate and maintain software bill of materials (SBOM) and dependency inventories as part of the build process.
• Design rollback and recovery procedures for failed deployments, including restoration of prior known-good versions.

Security Hardening and Compliance

• Harden container images and dependency baselines in alignment with STIG requirements and approved security standards.
• Implement managed secrets storage, encryption in transit and at rest, least-privilege IAM policies, and appropriate network segmentation.
• Integrate vulnerability scanning into release workflows and support remediation tracking.
• Support closure of security findings through remediation, compensating controls, and evidence updates.
• Ensure artifact retention and traceability sufficient to support promotion approval and auditability.

Identity and Access Management

• Integrate the application with CAC-enabled SSO and the identity provider required by the target environment using SAML, OIDC, or platform-specific approaches.
• Replace local account models with externalized authentication through approved identity services.
• Implement role-based access controls for analyst, administrator, and system functions.
• Ensure user actions are traceable to authenticated identities.

Authorization and Production Promotion

• Support the application-specific authorization effort from evidence planning through submission and remediation.
• Produce and maintain authorization artifacts such as architecture diagrams, data flows, SBOMs, scan evidence, logging and monitoring descriptions, and operational runbooks.
• Align evidence to the platform’s inheritance model where applicable rather than building a fully standalone compliance package.
• Coordinate with government security stakeholders on evidence expectations, findings, and remediation.
• Lead technical execution for promotion from development into production through approved DevSecOps pipelines and release gates.

Operations and Sustainment

• Implement centralized logging, metrics, alarms, and service health monitoring across all application components.
• Develop operational runbooks for deployment, monitoring, incident response, scaling, and maintenance.
• Produce administrator and operator documentation, troubleshooting guides, and sustainment handoff materials.
• Support training and transition activities at the conclusion of the implementation period.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Systems, Engineering, Cybersecurity, or a related technical discipline and 8+ years of relevant experience