Zermount, Inc. is seeking a highly talented, technical, hands-on DevSecOps & Evidence-Automation Engineer to support their Professional Services business within the Government Sector. This role involves building CI/CD security pipelines and automated evidence collectors to enhance a federal continuous Authorization to Operate program.
Responsibilities:
- Build and operate a pipeline (SAST, DAST, SCA, container scanning, SBOM, secrets) integrated across source, build, test, release, deploy, and runtime
- Write evidence collectors (Python/boto3, serverless functions, Go) that pull cloud, scanner, and SIEM data and map it to security controls (NIST SP 800-53)
- Establish review gates and attestation formats
- Build and maintain API/connector integrations and event-driven data flows feeding the evidence and GRC layer
- Engineer identity, PKI, and secrets workflows (HashiCorp Vault, AWS Secrets Manager) supporting control evidence
Requirements:
- High level of attention to detail, needs minimal guidance, effective verbal and written communication
- 7+ years building cloud-native, event-driven services and automation on AWS (serverless, Terraform/IaC, Docker)
- Strong in Go and/or Java (Spring Boot); Apache Kafka or equivalent event streaming
- CI/CD pipeline engineering (Jenkins/GitHub Actions) and infrastructure-as-code
- PKI/X.509 and secrets-management engineering (HashiCorp Vault, AWS Secrets Manager)
- Ability to map technical evidence to security controls (NIST SP 800-53)
- Bachelor of Science (or higher) in computer engineering, computer science, information technology, cyber security, or a related field
- Another major will be considered, provided it clearly addresses at least one of the following: cyber security engineering, systems administration, information systems security, software development security, systems engineering, information systems, or information technology
- SBOM generation and container signing a plus
- An active Secret Clearance is preferred