DevSecOps Engineer

Department: Information Technology

Location: Redondo Beach

Compensation: $125,000 - $175,000 / year

Description

We're looking for a DevSecOps Engineer to secure and optimize the entire development lifecycle from code commit to deployment, while embedding security, compliance, and automation into every step. You’ll work across engineering, IT, and compliance teams to ensure our CI/CD pipelines, infrastructure, firmware, and sensitive systems meet stringent aerospace and defense security requirements including CMMC, NIST 800-171, NIST 800-53, and ITAR.

This role blends traditional DevSecOps responsibilities with hands-on support for firmware build pipelines, Linux kernel security, and the secure provisioning of embedded systems.

Responsibilities

• Design, implement, and maintain secure CI/CD pipelines using GitLab and related tools for both software and infrastructure delivery
• Build and manage Infrastructure as Code (IaC) deployments using Terraform and similar tools to support compliant hybrid-cloud environments
• Integrate static code analysis, vulnerability scanning, SBOM generation, and container hardening into developer workflows
• Support secure builds, testing, and signing processes for firmware, low-level software, and embedded targets
• Work directly with engineering teams to harden Linux kernel configurations, modules, and embedded OS environments
• Secure infrastructure and applications across AWS GovCloud, on-prem, and air-gapped environments, including cross-domain data movement with audit trails
• Collaborate with infosec and compliance teams to operationalize controls from CMMC, NIST 800-171, NIST 800-53, and ITAR
• Contribute to audit prep, documentation, and artifact generation for assessments (e.g. C3PAO, DIBCAC, customer security reviews)
• Write tooling and automations in Python, Bash, Go, or C-family languages to support secure builds, deployments, and infrastructure telemetry
• Maintain secure artifact registries, firmware repositories, and access-controlled build environments
• Lead initiatives in secret management, identity-aware infrastructure, and automated policy enforcement
• Educate developers and engineers on secure coding, pipeline hygiene, and compliance-as-code principles
  
  
  

Minimum Qualifications

• 5+ years of experience in DevSecOps, DevOps, or infrastructure automation roles in production environments
• Demonstrated experience with GitLab CI/CD, Terraform, Python, and at least one C-family language (C, C++, Rust), or Linux systems and container orchestration (Kubernetes, Docker)
• Hands-on experience with firmware development workflows, embedded toolchains, or build environments for microcontrollers, FPGAs, or real-time OS
• Experience with Linux kernel configuration, hardening, or custom kernel module integration
• Demonstrated experience supporting or implementing CMMC, NIST 800-171, NIST 800-53, or ITAR requirements
• Experience of security controls for software supply chains, including software provenance, SBOMs, and tamper detection
  
  
  

Preferred Skills and Experience

• Ability to work hands-on and independently while collaborating across multidisciplinary teams
• Experience working in aerospace, defense, or other regulated, safety-critical environments
• Familiarity with:
  • Air-gapped or enclave deployments
  • GitLab Ultimate or self-hosted runner architectures
  • Secure boot, UEFI, TPM, or hardware root-of-trust
  • Yocto, Buildroot, or Real time and embedded Linux build systems
• Contributions to open-source security or infrastructure projects
• Clearance eligibility or active DoD security clearance
  

Additional Information:

Compensation bands are determined by role, level, location, and alignment with market data. Individual level and base pay is determined on a case-by-case basis and may vary based on job-related skills, education, experience, technical capabilities and internal equity. In addition to base salary, for full-time hires, you may also be eligible for long-term incentives, in the form of stock options, and access to medical, vision & dental coverage as well as access to a 401(k) retirement plan.


To conform to U.S. Government space technology export regulations, including the International Traffic in Arms Regulations (ITAR) you must be a U.S. citizen, lawful permanent resident of the U.S., protected individual as defined by 8 U.S.C. 1324b(a)(3), or eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.

Impulse Space is an Equal Opportunity Employer; employment with Impulse Space is governed on the basis of merit, competence and qualifications and will not be influenced in any manner by race, color, religion, gender, national origin/ethnicity, veteran status, disability status, age, sexual orientation, gender identity, marital status, mental or physical disability or any other legally protected status.