Cyber Security Engineer / DevSecOps Engineer

Ad Hoc is a technology company that empowers organizations to deliver scalable, impactful digital services. Using modern, agile methods, our team creates products that meet people’s needs and transform their experience of government.

Our collaborations have shaped some of the defining moments in public-sector service delivery. We’ve helped build products that connect Veterans to tailored services, help millions access affordable health care, and support important programs like Head Start. As we work with agencies to deliver critical services, we’re also changing how the government approaches technology.

Our culture, communications, and tools are built for remote work, enabling us to bring together top talent nationwide. At Ad Hoc, remote life empowers our teams to design work environments that fit their lives and that foster flexibility and collaboration to achieve positive outcomes for our customers.

Ad Hoc values acceptance, accountability, and humility. We aren’t heroes. We learn from our mistakes and improve the process for the next time. We build small, inclusive teams to collaborate closely with our partners to solve the right problems and deliver software that works.

The Veterans Affairs business unit helps transform the VA into a modern digital services organization where Veteran outcomes are at the center of every effort. We partner with the VA to design and deliver seamless user experiences for Veterans, their families and caregivers, and VA employees. By applying better practices in service design, product management, and technology, we enable the VA to increase the use, quality, and reliability of services and decrease the time Veterans spend waiting for outcomes.

We are seeking a Cyber Security Engineer to support the design, implementation, and maintanence of secure technology solutions within the federal government. The ideal candidate will have at least 5 year of cybersecurity experience, a strong understanding of security requirements, and experience supporting compliance, risk management and security operations.

• →Design, implement, and maintain security controls across cloud and on-premises environments.
• →Conduct security assessments, vulnerability analysis, and risk evaluations of applications, infrastructure, and systems.
• →Support continuous monitoring activities, including security event analysis and incident response efforts.
• →Develop and maintain security documentation, including System Security Plans (SSPs), security procedures, and risk assessments.
• →Assist with Authorization to Operate (ATO) activities and ongoing compliance requirements.
• →Design, implement, and maintain secure CI/CD pipelines supporting application development and infrastructure deployments.
• →Integrate automated security testing into the software development lifecycle
• →Develop Infrastructure as Code (IaC) solutions using tools such as Terraform, CloudFormation, or Ansible.
• →Automate security controls, compliance checks, and deployment processes.
• →Support Kubernetes, Docker, and cloud-native application deployments.
• →Analyze security findings and develop remediation recommendations.
• →Support vulnerability management activities, including tracking, prioritization, and remediation verification.
• →Participate in security audits and assessments conducted by internal and external stakeholders.
• →Monitor emerging threats and recommend improvements to security posture.

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field.
• 5+ years of experience in cybersecurity, DevSecOps, cloud security, or related disciplines.
• Experience supporting federal government contracts and federal information systems.
• Hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud Platform.
• Experience building and maintaining CI/CD pipelines using tools such as GitHub Actions, GitLab CI, Jenkins, or Azure DevOps.
• Experience with container technologies including Docker and Kubernetes.
• Knowledge of Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible.
• Experience implementing automated security testing within development pipelines.
• Understanding of secure software development principles and DevSecOps methodologies.
• Strong knowledge of vulnerability management, security monitoring, and incident response.
• Experience supporting compliance efforts under NIST, FISMA, and FedRAMP requirements.

• Experience supporting VA, DoD, HHS, CMS, or other federal civilian agencies.
• Experience with AWS GovCloud or Azure Government environments.
• Familiarity with SIEM and monitoring tools such as Splunk, ELK, DataDog, or Microsoft Sentinel.
• Experience securing Kubernetes and containerized environments.
• Knowledge of zero-trust architectures and cloud-native security controls.
• Experience supporting Authority to Operate (ATO) packages and security assessment
• Relevant certifications such as CISSP, CISM, or CEH are highly valued.