Location: Troy, Michigan (Hybrid, 60/40 or 70/30 split)
Industry: Dept. of Defense
Duration: 6-month contract
Pay: Up to $50/hr.
Clearance: Ability to obtain Secret clearance
Job Summary: Seeking a DevSecOps Engineer with primary strength in Application Security for Linux operating environments. The DevSecOps Engineer will analyze C/C++ development environments, system architectures, and safety-critical security risks to define and implement security controls, realized through DevSecOps pipelines, for embedded applications running in Linux environments.
Responsibilities:
Analyze application architectures, deployment topologies, and trust boundaries to identify threats and define appropriate security controls across the development lifecycle
Develop and apply threat models to identify vulnerabilities and drive the selection of security controls in code, pipelines, and runtime environments
Work with software developers to guide secure development, perform code reviews, and provide actionable, risk-based recommendations
Design, implement, and maintain CI/CD pipelines that enforce and validate security controls (e.g., SAST, SCA, build integrity, artifact security) for C/C++ applications targeting Linux hosts
Build C/C++ applications using standard Linux toolchains (e.g., gcc/g++, make, cmake) and resolve compilation and dependency issues
Manage and securely handle pipeline artifacts, dependencies, and environment variables, ensuring sensitive information is not exposed in code or logs
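As an added illustration of the kind of pipeline the responsibilities above describe (example configuration written for this page, not SRG4's or the client's; the registry, image, job names, wrapper scripts under ci/, and the ARTIFACT_SIGNING_KEY variable are assumptions), a minimal .gitlab-ci.yml for a C/C++ Linux target that builds with hardening flags as a non-root user, runs SAST and SCA as gating stages, records artifact hashes and signs the binary, and takes the signing key from a masked, protected, file-type CI/CD variable so the key never appears in source or in the job log:

```yaml
# Added example, not from the posting. All names below are hypothetical.
stages: [build, scan, package]

variables:
  GIT_DEPTH: "1"                      # shallow clone
  CMAKE_BUILD_TYPE: RelWithDebInfo    # -O2 is needed for _FORTIFY_SOURCE to take effect

default:
  # pin the toolchain image by digest (placeholder digest) so builds are reproducible
  image: registry.example.internal/build/ubuntu-toolchain:22.04
  before_script:
    # the image runs as an unprivileged user; fail fast if a job ends up as root
    - '[ "$(id -u)" -ne 0 ]'

build:
  stage: build
  script:
    - >
      cmake -S . -B build
      -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
      -DCMAKE_C_FLAGS="-Wall -Wextra -Werror -fstack-protector-strong -D_FORTIFY_SOURCE=2"
    - cmake --build build -j"$(nproc)"
  artifacts:
    paths: [build/app, build/compile_commands.json]
    expire_in: 1 day

sast:
  stage: scan
  needs: [build]
  script:
    # analyzer invocation is tool-specific (Coverity etc.); a wrapper is assumed
    - ./ci/run-sast.sh build/compile_commands.json --fail-on high

sca:
  stage: scan
  needs: [build]
  script:
    # dependency scan (Black Duck or similar) behind an assumed wrapper
    - ./ci/run-sca.sh --fail-on critical

package:
  stage: package
  needs: [build, sast, sca]          # nothing is packaged unless both scans passed
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  script:
    # record what was built so consumers can verify integrity
    - sha256sum build/app > build/app.sha256
    # ARTIFACT_SIGNING_KEY is a masked, protected, file-type CI/CD variable:
    # GitLab writes the key to a temp file and puts its path in the variable,
    # so the key material is never echoed or committed
    - openssl dgst -sha256 -sign "$ARTIFACT_SIGNING_KEY" -out build/app.sig build/app
  artifacts:
    paths: [build/app, build/app.sha256, build/app.sig]
```

The controls worth noting are the non-root check in before_script, the hardening flags with -Werror so warnings cannot be ignored, the needs chain that makes packaging depend on both scans, the branch rule that keeps the protected key off feature-branch runs, and the use of a file-type variable instead of writing the secret to disk inside the script.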
Qualifications:
BS Degree in Engineering or related field
3+ years of relevant experience
Skilled in Agile, DevOps, and modern delivery practices
Strong Linux expertise, including system internals and security topics such as permissions, process isolation, secure execution (non-root services), file handling, and common vulnerability classes
Experience building C/C++ applications in Linux environments using gcc, make, or cmake
Strong analytical and problem-solving skills with an attacker mindset, able to anticipate and simulate real-world attacks and identify vulnerabilities beyond automated scanning
Experience interpreting and applying security frameworks (e.g., STIGs, FIPS 140-x, NIST 800-53) to derive system-specific security controls and implement them within development pipelines and deployed environments
Hands-on experience with GitLab CI/CD pipelines, including writing and debugging .gitlab-ci.yml configurations
Familiarity with Coverity, Black Duck, or similar SAST/SCA tools, and an understanding of how to interpret and act on scan results
Familiarity with secure handling of secrets and credentials within CI/CD pipelines
Ability to obtain Secret Clearance required
SRG4 Government Services is a leading provider of information technology, training, engineering, accounting, and intelligence analytical services for agencies in the intelligence, defense, homeland security, cybersecurity, and federal civilian markets. SRG4 utilizes an innovative approach to identify and qualify talent that is unique to the federal contracting industry, featuring a cutting-edge platform that allows us to rapidly and precisely match professionals to client requirements. We have a proprietary database of over one million candidates and maintain continuous contact with our qualified talent.