Apply Now

DevSecOps Compliance Engineer

Annapolis Junction, MD, US • Posted 60+ days ago • Updated 7 hours ago

Full Time

On-site

Fitment

Dice Job Match Score™

👾 Reticulating splines...

Job Details

Skills

Software Development
System Security
Documentation
Collaboration
Fortify
Qualys
GitHub
SSP
Dashboard
Real-time
Workflow
JIRA
Continuous Delivery
Jenkins
GitLab
Continuous Integration
DevOps
CircleCI
Terraform
ARM
NIST 800-53
FedRAMP
Orchestration
Docker
Kubernetes
Software Security
Test Methods
Scripting
Python
Bash
Windows PowerShell
Git
Version Control
Security Controls
Regulatory Compliance
Cloud Computing
DoD
DevSecOps
Amazon Web Services
Microsoft Azure
SIEM
Splunk
IBM QRadar
Continuous Monitoring
Supply Chain Management
Predictive Analytics
LinkedIn
Artificial Intelligence

Summary

Overview

BigBear.ai is seeking a DevSecOps Compliance Engineer to serve as the bridge between development operations and security compliance, responsible for implementing and maintaining an automated compliance platform within customer DevSecOps pipelines. This role ensures seamless integration of AI-driven compliance automation into existing software development lifecycles while maintaining continuous compliance monitoring and documentation generation capabilities. This position will be based out of our Columbia, MD office but will support multiple customers in the Baltimore/Washington corridor and beyond.

What you will do

Integrate ATO Automation platform with customer CI/CD pipelines, source control systems (GitHub, GitLab), and DevOps toolchains
Configure and maintain automated security control validation workflows using ATO Automation platform's real-time code analysis capabilities
Implement continuous compliance monitoring by connecting ATO Automation platform to cloud service provider APIs (AWS, Azure) and infrastructure-as-code repositories
Automate System Security Plan (SSP) generation and maintain synchronization between system configurations and compliance documentation
Establish security gates within CI/CD pipelines that leverage ATO Automation platform's automated control assessment capabilities
Collaborate with development teams to remediate compliance gaps identified through automated scanning
Configure integrations with security tools including SAST/DAST solutions (Fortify, SonarQube), container security platforms (Aqua, Twistlock), and vulnerability scanners (Tenable, Qualys)
Deploy ATO Automation platform connectors to GitLab or GitHub Enterprise repositories to enable real-time code analysis for NIST 800-53 control validation

Configure automated SSP generation workflows that parse infrastructure-as-code templates (Terraform, CloudFormation) and map security controls

Implement webhook integrations between ATO Automation platform and Jenkins pipelines to trigger compliance assessments on code commits

Create custom compliance dashboards that display real-time control implementation status across multiple frameworks (FedRAMP, CMMC, DoD SRG)
Develop automated remediation workflows that create JIRA tickets when ATO Automation platform detects compliance drift

What you need to have

Active TS/SCI with Poly
Strong experience with CI/CD platforms (Jenkins, GitLab CI, Azure DevOps, CircleCI)
Proficiency in Infrastructure as Code tools (Terraform, CloudFormation, ARM templates)
Deep understanding of NIST 800-53 Rev 5 security controls and FedRAMP compliance requirements
Experience with containerization and orchestration platforms (Docker, Kubernetes, OpenShift)
Knowledge of secure coding practices and application security testing methodologies
Proficiency in scripting languages (Python, Bash, PowerShell) for automation
Experience integrating security scanning tools into automated pipelines
Understanding of Git-based version control and branching strategies
Familiarity with OSCAL (Open Security Controls Assessment Language) standards

What we'd like you to have

Experience with LLM-based automation platforms and Retrieval-Augmented Generation (RAG) architectures
Prior implementation of compliance automation tools in federal environments
Hands-on experience with AWS GovCloud or Azure Government cloud platforms
Knowledge of CMMC 2.0 requirements and DoD Security Requirements Guide
Certifications: Certified DevSecOps Professional, AWS Security Specialty, Azure Security Engineer
Experience with SIEM platforms (Splunk, QRadar) and log aggregation
Understanding of zero-trust architecture principles
Familiarity with continuous monitoring (ConMon) requirements for federal systems

About BigBear.ai

BigBear.ai is a leading provider of AI-powered decision intelligence solutions for national security, supply chain management, and digital identity. Customers and partners rely on Bigbear.ai's predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit and follow BigBear.ai on LinkedIn: @BigBear.ai and X: @BigBearai.

BigBear.ai is an Equal opportunity employer all protected groups, including protected veterans and individuals with disabilities.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: RTX195e4b
Position Id: 4274
Posted 30+ days ago

Company Info

About BigBear.ai

BigBear.ai is a leading provider of mission-ready AI solutions and services for defense, national security, and critical infrastructure. Customers and partners rely on BigBear.ai’s artificial intelligence and predictive analytics capabilities in highly complex, distributed, mission-based operating environments. Headquartered in McLean, Virginia, BigBear.ai is a public company traded on the NYSE under the symbol BBAI. For more information, visit https://bigbear.ai.

Go to company profile

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Cybersecurity Compliance Analyst

Maryland

•

Today

Overview BigBear.ai is seeking a Cybersecurity Compliance Analyst to Enter manage the overall compliance posture of systems implementing an ATO Automation Platform, interpret automated compliance findings, coordinate with security assessors and Authorizing Officials, and ensure all compliance artifacts meet federal requirements. This role translates technical security implementations into compliance documentation and manages the Authority to Operate (ATO) process. This position will be based ou

Full-time

Cloud Security Architect

Maryland

•

Today

Overview BigBear.ai is seeking a Cloud Security Architect with an active TS/SCI with Poly clearance to design and implement secure cloud architectures that support an ATO Automation Platform deployment while ensuring compliance with federal security requirements. This role leads the technical implementation of an ATO Automation Platform across multi-cloud and hybrid environments, establishes secure integrations with cloud service providers, and ensures the platform operates within customer secu

Full-time

Compliance Training and Enablement Specialist

Maryland

•

Today

Overview BigBear.ai is seeking a Compliance Training and Enablement Specialist with an active TS/SCI with Poly clearance to ensure successful adoption of an ATO Automation Platform by developing comprehensive training programs, providing hands-on enablement to customer teams, and establishing operational processes that maximize the value of automated compliance capabilities. This role bridges the gap between technical implementation and user adoption, ensuring all stakeholders can effectively l

Full-time

AI/ML Security Integration Engineer

Maryland

•

Today

Overview BigBear.ai is seeking an AI/ML Security Integration Engineer with an active TS/SCI clearance with a Poly, to configuring, fine-tuning, and maintaining an ATO Automation Platform's Large Language Model (LLM) capabilities for secure operation within customer environments. This role ensures the AI components of the compliance automation platform function effectively while meeting stringent security requirements for federal deployments, including classified and air-gapped networks. This po

Full-time

Search all similar jobs