✦ Luna Orbit — System Administration

DevOps Integration Engineer

at NexGen Technologies Inc.

📍 Remote, US Remote 💰 $105K – $130K USD / year Posted April 14, 2026
Apply Now → ← Browse All Jobs

Position Details

Salary $105K – $130K USD / year
Type Not Specified
Experience mid
Exp. Years Not specified
Education Not specified
Category System Administration

About this role

NexGen Technologies is hiring a DevOps Integration Engineer to integrate RMF-aligned security controls and automated compliance checks into CI/CD pipelines. The role focuses on enabling continuous ATO (cATO) through real-time security validation, continuous monitoring, and secure CI/CD workflows for DevSecOps teams.

Key Responsibilities

  • Integrate CI/CD pipelines into RMF processes with automated compliance validation and real-time security scans
  • Lead integration of RMF compliance into DevSecOps pipelines to enable cATO workflows
  • Design CI/CD workflows with automated security scans, continuous monitoring, and vulnerability remediations
  • Develop playbooks/processes for transitioning from traditional ATO to continuous ATO (cATO)
  • Propose tools/techniques to enhance automation maturity for security controls, risk assessments, and compliance validation

Technical Overview

You will design CI/CD workflows that include automated security scans (SAST, DAST, SCA), continuous monitoring activities, and vulnerability remediations. The role includes embedding RMF (Risk Management Framework) and NIST requirements (NIST SP 800-53 and NIST SP 8500.01) into DevSecOps pipelines and supporting FedRAMP Moderate and Zero Trust Maturity Level 2 practices in Azure Government environments (Microsoft Sentinel, Microsoft Defender, WAF, DDoS Protection, Key Vault), using tools such as GitLab CI, Jenkins, GitHub Actions, and Azure DevOps plus Infrastructure as Code with Bicep/Terraform.

Ideal Candidate

The ideal candidate is an engineer experienced integrating RMF-aligned security controls and automated compliance validation into DevSecOps CI/CD pipelines. They have hands-on CI/CD security scanning experience (SAST/DAST/SCA), Infrastructure as Code (Bicep/Terraform), and familiarity with FedRAMP Moderate and Zero Trust Maturity Level 2 in Azure Government environments.

Must-Have Skills

embedding RMF-aligned security controls into CI/CD pipelinesautomated compliance checkscontinuous monitoring capabilities into CI/CD pipelinestransition from traditional ATO processes to continuous ATO (cATO)integrates CI/CD pipelines into RMF processes for automated compliance validation and real-time security scansleads the integration of RMF compliance into DevSecOps pipelines to support automated compliance validations and facilitate cATO workflowsdesigns CI/CD workflows including automated security scanscontinuous monitoring activitiesand vulnerability remediations integrated into development cyclesCI/CD pipeline security scanning (SASTDASTSCA)Infrastructure as Code (Bicep/Terraform)

Tools & Platforms

GitLab CIJenkinsGitHub ActionsAzure DevOpsMicrosoft SentinelMicrosoft DefenderAzure GovernmentWAF (Web Application Firewall)DDoS ProtectionAzure Key VaultSIEMvulnerability management platforms

Required Skills

DevOps IntegrationRisk Management Framework (RMF)continuous ATO (cATO)continuous monitoringCI/CD pipelinesDevSecOpsautomated compliance checksNIST SP 800-53 Rev. 4NIST SP 800-53 Rev. 5NIST SP 8500.01FedRAMP ModerateZero Trust Maturity Level 2Azure GovernmentMicrosoft SentinelMicrosoft DefenderWAF (Web Application Firewall)DDoS ProtectionAzure Key VaultSASTStatic Application Security TestingDASTDynamic Application Security TestingSCASoftware Composition AnalysisInfrastructure as Code (Bicep/Terraform)GitLab CIJenkinsGitHub ActionsAzure DevOpsPIA (Privacy Impact Assessment)SORN (System of Records Notice)IATO/ATO documentation supportSIEMvulnerability management platformsvulnerability remediations

Hard Skills

DevOps IntegrationCI/CD pipelinesRMF (Risk Management Framework)-aligned security controlscontinuous monitoringcontinuous ATO (cATO)automated compliance checksreal-time security validationDevSecOps pipelinesautomated compliance validationsCI/CD workflowsautomated security scanscontinuous monitoring activitiesvulnerability remediationsplaybooks or processestransitioning from traditional ATO to cATOrisk assessmentscompliance validationNIST SP 800-53 Rev. 4NIST SP 800-53 Rev. 5NIST SP 800-53NIST SP 8500.01CI/CD security scanningSAST (Static Application Security Testing)DAST (Dynamic Application Security Testing)SCA (Software Composition Analysis)Infrastructure as Code (IaC)BicepTerraformSIEMvulnerability management platformsGitLab CIJenkinsGitHub ActionsAzure DevOpsFedRAMP ModerateZero Trust Maturity Level 2Azure GovernmentMicrosoft SentinelMicrosoft DefenderDefender for CloudWAF (Web Application Firewall)DDoS ProtectionAzure Key VaultIATO/ATO documentation supportPIA (Privacy Impact Assessment)SORN (System of Records Notice)

Soft Skills

cross-team collaborationaligning DevSecOps teams with cybersecurity requirementsprocess developmentcommunication with compliance stakeholderscontinuous improvement mindset

Industry & Role

Industry Defense
Job Function Automate RMF-aligned security compliance within DevSecOps CI/CD pipelines to enable continuous ATO (cATO)
Role Subtype DevSecOps Engineer
Tech Domains Azure, Cybersecurity, DevOps & SRE

Keywords for Your Resume

DevOps Integration EngineerCI/CD pipelinesDevSecOpsRMFRisk Management Frameworkcontinuous ATO (cATO)automated compliance checkscontinuous monitoringNIST SP 800-53 Rev. 4NIST SP 800-53 Rev. 5NIST SP 800-53NIST SP 8500.01FedRAMP ModerateZero Trust Maturity Level 2Azure GovernmentMicrosoft SentinelMicrosoft DefenderWAFWeb Application FirewallDDoS ProtectionAzure Key VaultGitLab CIJenkinsGitHub ActionsAzure DevOpsSASTStatic Application Security TestingDASTDynamic Application Security TestingSCASoftware Composition AnalysisInfrastructure as CodeBicepTerraformIATOATOPIAPrivacy Impact AssessmentSORNSystem of Records NoticeInfrastructure as Code (Terraform)

Deal Breakers

Hands-on experience integrating security controls and RMF requirements into DevSecOps pipelines, Must have CI/CD pipeline security scanning experience (SAST, DAST, SCA), Must have Infrastructure as Code experience (Bicep/Terraform)

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile