DescriptionLead Cybersecurity Engineer / Information Systems Security Engineer (ISSE)Cybersecurity Ops Sr PrincipalJob DescriptionSeeking a Lead Cybersecurity Ops Engr / Information System Security Engineer (ISSE) to serve as a subject matter expert (SME) supporting the Department of the Air Force. You design, implement, and sustain DevSecOps pipeline(s) and supporting platform engineering capabilities. You will own the hands-on technical security engineering of the software factory and toolchain (CI/CD, IaC, artifact integrity, scanning, policy gates, and telemetry), ensuring the pipeline produces defensible artifacts and repeatable security outcomes that support assessment readiness and reduce manual compliance efforts.The ISSE shall assume primary responsibility for the execution of the core mission to enable automated Risk Management Framework (RMF) control implementation, evidence generation, and continuous monitoring to achieve and maintain Authority to Operate (ATO/cATO) across all environments. The role focuses on the hands-on technical security engineering of the software factory and toolchain (CI/CD, IaC, artifact integrity, scanning, policy gates, and telemetry), ensuring the pipeline produces defensible artifacts and repeatable security outcomes that support assessment readiness and reduce manual compliance efforts..Typical job responsibilities Include:- DevSecOps Pipeline Security Architecture and Design: Engineer a secure CI/CD pipeline and supporting services aligned with DoW DevSecOps reference designs. Define pipeline security requirements, trust boundaries, data flows, and enforcement points.- Control Implementation as Code: Translate RMF security controls into automated pipeline guardrails, including policy gates, required checks, configuration baselines, and deployment constraints using Infrastructure as Code (IaC).- Automated Security Testing and Quality Gates: Implement and maintain automated scanning (SAST/SCA/Container), IaC scanning, secrets detection, SBOM generation, and policy evaluation to enforce security thresholds within the build process.- Software Supply Chain Integrity: Implement artifact provenance (signing/attestation), hardened base image usage, and release integrity controls to ensure a secure and auditable software supply chain.- Continuous Monitoring Enablement: Engineer logging and telemetry pipelines to support continuous monitoring of pipeline events, platform security, compliance drift, and vulnerability status.- Assessment Readiness and Evidence Packaging: Develop and maintain an
Job Title
Lead Cybersecurity Engineer / Information Systems Security Engineer (ISSE), TS/SCI