DevSecOps Engineer

DevSecOps Engineer The Staffing Resource Group, Inc - 5.0 Troy, MI Job Details Contract Up to $50 an hour 1 day ago Qualifications Application security testing

Full Job Description DevSecOps Engineer Location:

Troy, Michigan (Hybrid, 60/40 or 70/30 split)

Industry:

Dept. of

Defense Duration:

6-month contract

Pay:

Up to $50/hr.

Clearance:

Ability to obtain Secret clearance

Job Summary:

Seeking a DevSecOps Engineer with primary strength in Application Security for Linux operating environments. The DevSecOps Engineer will analyze C/C++ development environments, system architectures, and safety-critical security risks to define and implement security controls, realized through DevSecOps pipelines, for embedded applications running in Linux environments.

Responsibilities:

Analyze application architectures, deployment topologies, and trust boundaries to identify threats and define appropriate security controls across the development lifecycle Develop and apply threat models to identify vulnerabilities and drive the selection of security controls in code, pipelines, and runtime environments Interact with software developers to guide secure development, perform code reviews, and provide actionable, risk-based recommendations Design, implement, and maintain CI/CD pipelines that enforce and validate security controls (e.g., SAST, SCA, build integrity, artifact security) for C/C++ applications targeting Linux hosts Build C/C++ applications using standard Linux toolchains (e.g., gcc/g++, make, cmake) and resolve compilation and dependency issues Manage and securely handle pipeline artifacts, dependencies, and environment variables, ensuring sensitive information is not exposed in code or logs

Qualifications:

BS Degree in Engineering or related field 3+ years of relevant experience Skilled in Agile, DevOps, and modern delivery practices Strong Linux expertise, including system internals and security topics such as permissions, process isolation, secure execution (non-root services), file handling, and common vulnerability classes Experience building C/C++ applications in Linux environments using gcc, make, or cmake Strong analytical and problem-solving skills with an attacker mindset, able to anticipate and simulate real-world attacks and identify vulnerabilities beyond automated scanning Experience interpreting and applying security frameworks (e.g., STIGs, FIPS 140-x, NIST 800-53) to derive system-specific security controls and implement them within development pipelines and deployed environments Hands-on experience with GitLab CI/CD pipelines, including writing and debugging .gitlab-ci.yml configurations Familiarity with Coverity, Black Duck, or similar

SAST/SCA

tools and understand how to interpret and act on scan results Familiarity with secure handling of secrets and credentials within CI/CD pipelines Ability to obtain Secret Clearance required SRG4 Government Services is a leading provider of information technology, training, engineering, accounting, and intelligence analytical services for agencies in the intelligence, defense, homeland security, cybersecurity, and federal civilian markets. SRG4 utilizes an innovative approach to identify and qualify talent that is unique to the federal contracting industry, featuring a cutting-edge platform that allows us to rapidly and precisely match professionals to client requirements. We have a proprietary database of over one million candidates and maintain continuous contact with our qualified talent. EOE/ADA IND123