Senior DevSecOps Engineer
Firestorm
Other Engineering
San Diego, CA, USA
USD 145k-175k / year
Posted on Jun 3, 2025
In office
Full-time
Who We Are
At Firestorm, we’re on a mission to revolutionize how defense solutions are designed and delivered. Our goal is to empower U.S. ally nations to effectively deter aggressors, regardless of their defense budget, through innovative, cost-efficient technologies. We call this vision “democratized deterrence.” As a VC-backed company at the intersection of defense and Silicon Valley, we’re pioneering mission-adaptable aerial vehicles that put power back into the hands of operators, and by prioritizing operator effectiveness we’re opening a new era of aerial vehicle design. We aim to upend the traditional defense procurement model by delivering world-class capabilities at a fraction of the usual cost. Join us at Firestorm as we redefine defense procurement and make cutting-edge technology accessible to all.
About the Role
Firestorm is building out a specialized DevSecOps function to drive a secure, automated software factory supporting every product we ship—from firmware and FPGA to Android apps, desktop GUIs, and cloud-native microservices. As our first Senior DevSecOps Engineer, you’ll design, build, and harden an end-to-end pipeline that meets DoD continuous Authorization-to-Operate (cATO) requirements across continuous monitoring, active cyber defense, and software supply chain security.
This is a high-ownership, deeply technical, on-site role based at our San Diego headquarters. You’ll be a key individual contributor from day one, with opportunities to mentor teammates, shape platform strategy, and embed DevSecOps best practices company-wide. You’ll thrive here if you treat manual work as a system flaw, communicate security clearly across diverse teams, and strike the right balance between startup agility and long-term compliance. We’re looking for someone who sees across systems—firmware, cloud, mobile—and knows how to secure them holistically.
What You’ll Do
- Own the architecture for a secure, cATO-compliant DevSecOps pipeline—selecting tooling (e.g., Platform One / Big Bang), defining workflows, and building support for diverse targets (cloud, embedded, mobile, desktop).
- Automate controls across all three cATO pillars: continuous monitoring dashboards, active cyber-defense sensors, and secure supply chain attestations.
- Stand up multi-stage pipelines using GitHub Actions, GitLab CI, or Azure DevOps to cross-compile C/C++ and Rust for ARM, build Android and Windows apps, and produce Iron Bank-ready OCI containers.
- Implement Infrastructure- and Compliance-as-Code (Terraform, Bicep, Ansible) with policy-as-code guardrails (OPA, Conftest, Checkov) and STIG baseline generation via OpenSCAP.
- Secure artifacts and identities using Entra ID, Key Vault, mTLS, SPIFFE/SPIRE, and Sigstore for cryptographic signing of binaries, containers, and firmware.
- Embed supply chain security via in-toto attestations, CycloneDX SBOMs, SLSA Level 3+ provenance, and artifact quarantines.
- Deploy active cyber defense controls including runtime agents (Falco, Sysdig), zero-trust segmentation, and automated rollback triggered by security events.
- Work closely with our Information System Security Officer (ISSO) to align pipeline controls, documentation, and automation with evolving compliance and accreditation needs.
- Automate ATO evidence generation—producing OSCAL artifacts, SSPs, and POA&Ms integrated with eMASS or Xacta.
- Instrument full-stack observability using OpenTelemetry, Prometheus, ELK/Splunk, and SLO-driven alerting.
- Guide developers on secure-by-default practices, incident response, and threat modeling; build a culture of blameless postmortems and continuous improvement.
Minimum Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
- 7+ years in DevOps, SRE, or security-automation roles, with 3+ years supporting regulated U.S. Government environments
- Demonstrated success building or operating a pipeline that achieved ATO, FedRAMP, DoD RMF, or cATO
- Deep expertise with at least one major CI platform and IaC toolset (e.g., GitHub Actions, GitLab CI, Azure DevOps + Terraform, Bicep, CloudFormation, or Ansible)
- Experience hardening containers and Kubernetes (e.g., AKS, EKS, RKE2), including SCAP/InSpec scanning, image signing, and admission control
- Strong scripting or automation skills (Python, Bash, Go, or Rust)
- Familiarity with NIST SP 800-53 Rev. 5, DISA STIGs, OWASP SAMM, and SLSA; comfortable mapping implementations to CCIs and documenting inherited controls
- Experience securing heterogeneous build targets: embedded Linux (Yocto/Buildroot), Android, Windows code-signing, and macOS notarization
- U.S. citizenship required with the ability to obtain and maintain a U.S. Government security clearance
Preferred Qualifications
- Contributions to DoD DevSecOps programs like Platform One or Iron Bank
- Experience automating RMF documentation using OSCAL and integrating with eMASS
- Implementation of in-toto attestations and SLSA Level 4 integrity (SLSA v0.1 terminology; the equivalent top tier under SLSA v1.0 is Build L3) for firmware/software artifacts
- Experience containerizing FPGA build flows (Vivado, Quartus) with reproducible, signed bitstreams
- Knowledge of memory safety tooling (CodeQL, Semgrep) and fuzzing frameworks (AFL++, libFuzzer)
- Integration of active cyber sensors (e.g., CrowdStrike, Microsoft Defender for IoT) and SOAR-based response
- Public speaking, research, or open-source contributions in DevSecOps, software supply chain security, or cATO topics
- Prior experience supporting classified, air-gapped, or DoD Impact Level 4+ environments
- Hands-on security certifications (e.g., CISSP, OSCP, GIAC-DSA)
Work Environment
This is an on-site role based at our headquarters in San Diego, CA. We welcome candidates who are local or open to relocating.
Compensation
US Salary Range: $145,000 - $175,000 USD
The posted salary range reflects an estimate based on a variety of compensation factors, including but not limited to relevant experience, education, certifications, specialized skills, geographic location, and business needs. Actual compensation may vary, and this range is subject to change as our compensation structure or market conditions evolve.
Benefits & Perks
Our culture fosters collaboration, respect, and trust, empowering passionate people to do their best work. We offer a competitive salary, comprehensive benefits, and opportunities for career growth. In addition to an opportunity to take part in an innovative, collaborative and fast-growing business with a highly motivated and skilled team, we also take pride in taking care of our employees. Here are just a few ways that we show our appreciation:
- We offer comprehensive medical, dental, and vision plans
- 401(k) Retirement Savings Plan to invest in your long-term retirement goals
- Unlimited PTO
- Generous Parental Leave
- FSA
- HSA
- Hospital Indemnity insurance
- Critical Illness insurance
- Accident insurance
- Basic Life/AD&D, short-term and long-term disability insurance, 100% covered by Firestorm. Plus, the option to purchase additional life insurance for you and your family.
- Mental Health Resources: We provide free mental health resources 24/7 including therapy and more. Additional work-life services, such as free legal and financial support, are available to you as well.
ITAR Compliance
To conform to U.S. Government export regulations, including the International Traffic in Arms Regulations (ITAR), you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or otherwise eligible to obtain the required authorizations from the U.S. Department of State.
Equal Opportunity Statement
Firestorm is an equal opportunity employer, committed to creating a diverse and inclusive workplace, and upholding equitable hiring practices. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic under federal, state, or local law, including those with a criminal history, in a manner consistent with the requirements of applicable state and local laws, including the CA Fair Chance Initiative for Hiring Ordinance. We actively encourage members of recognized minorities, women, Veterans, and those with disabilities to apply, and we work to create a welcoming and supportive environment for all applicants throughout the interview process.
Firestorm is committed to fostering an inclusive and accessible work environment. If you require accommodations or assistance during the application process, please don’t hesitate to reach out to us at [email protected] so we can provide the support you need.
Req ID: R34