SecDevOps Engineer (Mid-Level 3)
Back to Jobs
KnoxGet Smart Job AI Coach in the appFree on iOS and Android 






SecDevOps Engineer (Mid-Level 3)
Location
Washington D.C.
Experience
Mid
Posted
Jul 7, 2026
Apply by
August 6, 2026
Applicants
0
Early applicantEasy applyFull-timeWork from Office
Job Description
**About Knox**
Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance.
Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail.
## The Role
The SecDevOps Engineer designs, automates, and maintains Knox’s secure cloud infrastructure and CI/CD pipelines across AWS, Azure, and GCP within our FedRAMP-authorized, multi-tenant boundaries. Day-to-day, the work centers on Zero Trust access, continuous monitoring, cloud security posture, and observability — keeping secure, compliant, and repeatable operations running across federal cloud environments.
The ideal candidate combines hands-on cloud architecture experience, automation expertise, and a deep security-operations mindset. This role bridges the gap between core cloud engineering and rigorous federal compliance, embedding security controls directly into the deployment fabric using Infrastructure as Code (IaC) and Policy-as-Code frameworks.
## Role Focus & Technical Matrix
**Zero Trust & Identity -** Zscaler (ZPA / PRA), HashiCorp Vault, Okta, Azure AD / Entra ID, AWS IAM Identity Center
**Infrastructure as Code -** Terraform (Primary), Ansible, CloudFormation, GitOps (ArgoCD / Helm)
**Security & Compliance-** FedRAMP (IL4 boundaries), NIST 800-53, Wiz, Qualys, CrowdStrike,
OPA, HashiCorp Sentinel
**Observability & Ops-** Grafana, Prometheus, CloudWatch, PagerDuty, ServiceNow (CAB / eCAB)
## Key Responsibilities
### Zero Trust & Access Management
● Support and operate Zero Trust Network Access (Zscaler ZPA / PRA) architectures including app connectors, privileged remote access, and private application access boundaries.
● Manage privileged credentials, API tokens, and secrets lifecycle using HashiCorp Vault, establishing automated credential flows and programmatic rotation.
● Integrate and maintain federated identity providers (Okta, Azure AD / Entra ID, AWS IAM Identity Center) and actively support ongoing multi-cloud identity migrations.
● Enforce strict least-privilege access models and machine-to-machine credential rotation policies across all automation systems.
### Cloud Infrastructure & Secure Automation
● Build and manage multi-tenant infrastructure across AWS, Azure, and GCP using Infrastructure as Code (Terraform primary; Ansible and CloudFormation as needed).
● Automate end-to-end provisioning, configuration management, and environment deployment workflows via secure CI/CD and GitOps paradigms.
● Manage cloud networking, IAM topologies, and security group configurations tailored strictly to FedRAMP controls and Impact Level 4 (IL4) boundaries.
### CI/CD, Policy-as-Code & Container Security
● Develop and maintain secure CI/CD pipelines utilizing GitHub Actions, GitLab CI, Azure DevOps, or Jenkins.
● Integrate Policy-as-Code frameworks (OPA, HashiCorp Sentinel, or Azure Policy) into pipeline gates to enforce organizational compliance before infrastructure provisioning.
● Embed automated static application security testing (SAST), software composition analysis (SCA), and container vulnerability scans into active deployment workflows.
● Build, deploy, and troubleshoot containerized workloads within managed Kubernetes environments (EKS, AKS, GKE) using Helm, ArgoCD, or Kustomize.
### Continuous Monitoring, Vulnerability & Compliance
● Support FedRAMP Continuous Monitoring (ConMon) cycles, managing incident tickets, Plan of Action and Milestones (POA&M) tracking, and technical remediation follow-through.
● Maintain IaC, pipeline architectures, and operating configurations compliant with FedRAMP and NIST 800-53 standards.
● Automate programmatic audit evidence generation for specific control requirements, including CM-2 (Baseline Configurations), CM-6 (Configuration Settings), AU-2 (Event Logging), and SC-12 (Cryptographic Key Establishment and Management).
● Participate in formal enterprise change management processes via ServiceNow, preparing documentation for Technical Change Reviews and Change Advisory Board (CAB/eCAB) workflows.
### Observability & Incident Reliability
● Deploy and maintain centralized dashboards, alert definitions, log aggregation, and metrics/APM architectures using Grafana, Prometheus, or cloud-native tooling.
● Define, track, and report on Service Level Indicators (SLIs) and Service Level Objectives (SLOs) for critical secure services.
● Participate in the team's operational on-call rotation (PagerDuty), driving rapid incident resolution, root-cause analyses, and P1 war room execution.
## Qualifications
### Required Experience & Skills
● **Experience:** 3–5 years of dedicated professional experience in SecDevOps, Cloud Security Engineering, DevOps, or Platform Engineering.
● **Cloud Infrastructure:** Hands-on production experience with at least one major hyperscaler (AWS preferred), with functional exposure to Azure and/or GCP environments.
● **Automation & Scripting:** High proficiency in Terraform and robust scripting capabilities (Python, Bash, or PowerShell); familiarity with Ansible is preferred.
● **Identity & Secrets:** Practical experience managing enterprise identity/access tooling (Okta, Entra ID) and secrets management platforms (HashiCorp Vault, AWS KMS, or Azure Key Vault).
● **Security Tooling:** Familiarity operating endpoint protection (EDR), cloud security posture management (CSPM), or vulnerability scanning platforms (e.g., CrowdStrike, Wiz, Qualys).
● **Containers:** Experience building, configuring, and troubleshooting containerized environments (Docker, Kubernetes).
● **Compliance Alignment:** A strong conceptual or practical understanding of FedRAMP, NIST 800-53, or SOC 2 compliance frameworks.
### Preferred Certifications
● HashiCorp Certified: Terraform Associate
● AWS Certified SysOps Administrator or Solutions Architect (Associate)
● CompTIA Security+ or equivalent security credential
● Microsoft Certified: Azure Administrator Associate
**Hiring Requirement:** Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process.
Any offer of employment is contingent upon the successful completion of all required pre-employment screenings, including a background check, in accordance with applicable laws and government contract requirements.
**Benefits & Perks**
Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject to change.
*We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status.*
Key Responsibilities
- Support and operate Zero Trust Network Access architectures including Zscaler ZPA/PRA.
- Manage privileged credentials and secrets lifecycle using HashiCorp Vault.
- Integrate and maintain federated identity providers such as Okta and Azure AD.
- Build and manage multi-tenant infrastructure across AWS, Azure, and GCP using Terraform.
- Automate end-to-end provisioning and deployment workflows via secure CI/CD and GitOps.
- Develop secure CI/CD pipelines and integrate Policy-as-Code frameworks.
- Embed automated security testing and container vulnerability scans into deployment workflows.
- Support FedRAMP Continuous Monitoring cycles and manage POA&M tracking.
- Deploy and maintain centralized dashboards and alert definitions using Grafana and Prometheus.
- Participate in operational on-call rotation and incident resolution.
Skills Required
TerraformPythonBashPowerShellAWSAzureGCPHashiCorp VaultOktaAzure ADAWS IAM Identity CenterZscaler ZPAZscaler PRADockerKubernetesGrafanaPrometheusCloudWatchPagerDutyServiceNowFedRAMPNIST 800-53Security-operations mindsetProblem solvingAttention to detailAnsibleCloudFormationArgoCDHelmKustomizeGitHub ActionsGitLab CIAzure DevOpsJenkinsCrowdStrikeWizQualysOPAHashiCorp SentinelAzure PolicyEKSAKSGKE
Benefits
- Medical insurance
- Dental insurance
- Vision insurance
- Life insurance
- Disability insurance
- Unlimited PEO
- Employee funded 401k plan
App exclusive · Free
Smart Job AI Coach
Your personal interview coach on every job — readiness tips, profile improvements, and role-specific prep. Available only in the Pulse Job app.
Interview readiness
See how prepared you are and what to improve for each role.
Personalized tips
Actionable suggestions based on your profile and the job.
After you apply
Keep coaching momentum from job detail through application success.
Similar roles for you
Matched using this role's title and skills. Open the job search anytime to see every listing.

Cloud DevOps Engineer (GCP)
Commit
Full-timeEasy applyWork from Home
Tbilisi GeorgiaMid

Senior DevOps Engineer (AWS), based in Da Nang
KMS Technology
Full-timeEasy applyHybrid
Da Nang CitySenior

.Net Full Stack Developer (C#, .Net, AWS/Azure/GCP, React/Angular) - 3 - 6 Years - Pune
Worldpay
Full-timeEasy applyWork from Office
PUNEMid

Ingénieur DevOps AWS / GCP H/F
Devoteam
Full-timeEasy applyHybrid
LyonMid

DevOps Specialist - AWS, Azure and Agile Methodologies
DXC Technology
Full-timeEasy applyHybrid
MEX - DIF - MEXICO CITYMid

Senior DevOps Engineer (AWS, Azure)
Exadel
Full-timeEasy applyWork from Home
BrazilSenior