Job Description

Technomics is a growing employee-owned, decision analytics company that specializes in cost and economic analysis to facilitate better decisions faster We enable a wide range of clients across the Federal government, from senior level policy makers to program managers, to choose smartly, buy effectively and operate efficiently. We deliver practical, credible and defensible results offering actionable insights by applying data-driven and analytics-based approaches in combination with multidisciplinary talent, subject matter experts, and tangible and repeatable assets in the form of databases, models, approaches and techniques.

Senior Associates use problem-solving principles, processes and methods and complementary software applications to support client engagements and have a direct and significant impact on deliverables to clients. Your work will be guided by more experienced team members, but you will work with autonomy.

Our employee-owners pride themselves on their ability to apply deep analytical rigor and innovative thought that assist clients in understanding and solving a myriad of challenging resource planning and management problems.

This position is located in Arlington, VA.

This position plays a critical role in implementing secure CI/CD pipelines, container security, and Risk Management Framework (RMF) compliance activities. The ideal candidate has foundational experience across DevSecOps, containerization, and security engineering and is eager to grow in a fast-paced, mission-critical environment.

Roles and Responsibilities

• Implement and maintain secure CI/CD pipelines using GitLab CI/CD and automation tools.
• Support the RMF process, including System Security Plan (SSP) development, control implementation, Plan of Action and Milestones (POA&M), and preparation for ATO (Authority to Operate).
• Support the development and maintenance of a DevSecOps automation framework for RMF compliance.
• Assist in the design, development, and deployment of secure containerized applications using Docker, Podman and Kubernetes.
• Apply DoD STIGs, CIS Benchmarks, and other hardening guides.
• Perform and integrate automated security scanning tools (e.g., SAST, SCA, DAST) and compliance checks into the CI/CD process.
• Write and maintain scripts in Python, Bash, and other languages to automate system tasks, scans, and reports.
• Collaborate with security, development, and operations teams to design secure, scalable infrastructure and workflows.
• Collaborate with development and security teams to remediate vulnerabilities and implement security best practices.
• Create and manage tickets in Jira, participate in Agile ceremonies, and support backlog grooming with technical input.
• Perform basic Linux system administration, configuration, and troubleshooting.
• Document system designs, security controls, and standard operating procedures.
• Map security controls to NIST 800-53 and other relevant DoD security standards.
• Stay up-to-date on the latest RMF guidance, security threats, and DevSecOps technologies.

Qualifications

• Bachelor’s degree in computer science, Cybersecurity, Information Systems, or a related technical field (or equivalent work experience).
• 1–3 years of hands-on experience in DevSecOps, Cybersecurity, or Cloud Engineering.
• Basic understanding of the NIST RMF and experience assisting in the ATO process.
• Working knowledge of Docker, Podman, Kubernetes, and container orchestration platforms.
• Experience with GitLab CI/CD pipelines and security automation tools.
• Familiarity with Linux commands and system administration.
• Scripting proficiency in Python and Bash.
• Exposure to vulnerability scanning tools like Nessus, and integration of SAST, SCA, DAST into DevOps pipelines.
• Experience applying STIGs, DISA SRGs, or hardening guidelines to systems.
• Strong communication skills, with the ability to document and present findings effectively.
• Knowledge of NIST SP 800-53, DoDI 8500.01, and DoDI 8510.01
• Active DoW Secret Clearance

Desired Qualifications

• Experience with eMASS or other GRC (Governance, Risk, and Compliance) Tools.
• Familiarity with DoW security policies and procedures.
• Experience with container security and Kubernetes security.
• Familiarity with cloud platforms (AWS, Azure).
• Exposure to infrastructure as code (IaC) using Terraform, Ansible, or similar tools.
• Experience with tools like SCAP, OpenSCAP, or ACAS.
• Familiarity with Agile/Scrum processes and tools (Jira, Confluence)
• Certifications such as IAT Level II/IAM Level I (e.,g CompTIA Security+), Certified Kubernetes Administrator (CKA), others as applicable.
• Familiarity with combat systems such as SSDS and AEGIS.
• A working knowledge of cyber regulations.

We are an Equal Opportunity Employer. As an Equal Opportunity Employer, we do not discriminate on the basis of race, color, religion, national origin, sex, age, marital status, disability or veteran status.