Devops Security Engineer

Department: Operations Location: Remote (U.S.), West Coast hours preferred Reports To: Director of DevOps Classification: Full-Time, Exempt Estimated Compensation Range: $110K - $140K US Citizenship Required. Dual Citizenship Prohibited. Must reside in the US. About Knox Knox runs the largest Federal managed cloud, building and operating secure cloud and AI environments that support the U.S. government’s most critical missions — from national security and public safety to essential public services. Our customers rely on Knox to deploy production systems that meet the highest standards for security, reliability, and compliance. Work at Knox is high-impact and purpose-driven. The problems we solve are high-stakes, the expectations are high, and the results are visible. Speed, rigor, and trust matter here - because the environments we secure cannot fail. Your contributions are visible, your expertise is relied upon, and the impact of your work is immediate and measurable. We operate at federal scale, securing some of the most sensitive government environments in the country - because the systems we build must perform without fail. Role Overview The Devops Security Engineer is a hands-on DevSecOps role responsible for securing cloud-native, multi-tenant environments operating under FedRAMP Moderate/High and NIST SP 800-53 requirements. This role focuses on preventative security, automation, and continuous compliance, embedding security controls directly into infrastructure, CI/CD pipelines, and runtime operations. The engineer will operate CrowdStrike as a core CNAPP and DevSecOps control, alongside CSPM tooling, to prevent misconfigurations, reduce risk, and maintain continuous audit readiness while working directly with customers and internal engineering teams. Job Responsibilities Customer Onboarding & Communication

• Serve as a security point of contact for external customers deploying into regulated cloud environments.
• Support customer onboarding by validating application security posture and deployment readiness for FedRAMP environments.
• Review customer security documentation, architectures, and deployment workflows against platform security requirements.
• Communicate security requirements, changes, incident escalations, and compliance questions clearly to customers.

Federal Compliance & Governance (FedRAMP/NIST)

• Implement and operate security controls required for FedRAMP Moderate/High, aligned to NIST SP 800-53.
• Support Continuous Monitoring (ConMon) activities, including vulnerability tracking, POA&M updates, and compliance reporting.
• Maintain and validate FedRAMP security architecture artifacts, including network diagrams, data flow diagrams, trust boundaries, and control flows.
• Validate deployed infrastructure and traffic patterns against approved FedRAMP architectures using flow logs and telemetry.

Security Tooling & Vendor Management

• Operates CrowdStrike as part of the core CNAPP enforcement and DevSecOps control, including IOM/IOA analysis, vulnerability management (Spotlight), workload protection, and telemetry/log review for cloud workloads.
• Integrate CrowdStrike CNAPP and detection signals into automated SOAR and CI/CD workflows to support preventative controls, response, and Continuous Monitoring (ConMon) for FedRAMP compliance.
• Coordinate external penetration testing efforts, including scoping, access, findings review, and remediation tracking.
• Use application security tools (e.g., Burp Suite) to support internal testing and remediation.

DevOps, Automation, & Preventative Security

• Implement security and compliance gates in CI/CD pipelines to prevent non-compliant infrastructure or code from reaching production.
• Enforce policy-as-code guardrails for IAM, networking, logging, encryption, and endpoint protection using Terraform.
• Ensure CrowdStrike coverage, logging, and monitoring are enforced as deployment prerequisites.
• Prevent cloud exposure by enforcing network segmentation, approved ingress/egress paths, and least-privilege access.
• Detect and remediate configuration drift using CSPM and automated workflows.
• Secure Kubernetes clusters and containerized workloads to approved security baselines.

Minimum Requirements

• 4+ years of experience in Cloud Security, DevSecOps, or Security Operations roles.
• Hands-on experience operating CrowdStrike Falcon in production environments.
• Direct experience supporting FedRAMP environments and implementing NIST SP 800-53 controls.
• Experience working directly with external customers on security onboarding or deployment readiness.
• Strong experience with Wiz or similar CSPM/CNAPP platforms.
• Proficiency with Terraform and CI/CD tooling (GitHub, GitHub Actions).
• Experience securing multi-cloud environments (AWS required; Azure and/or GCP preferred).
• Strong written and verbal communication skills.

Preferred Qualifications

• Experience supporting or collaborating with SOC or incident response teams.
• Experience managing external penetration testing engagements.
• Familiarity with System Security Plans (SSPs) and audit artifacts.
• Relevant certifications (AWS Security Specialty, CISSP, CISM, CCSP).
• Experience applying automation or AI-assisted tools to security workflows.

Hiring Requirement: Due to the nature of our work with federal government clients and compliance with applicable regulations, this position requires U.S. citizenship. Dual citizenship is not permitted for this role. Candidates must be able to provide documentation verifying sole U.S. citizenship status as part of the background check process. Any offer of employment is contingent upon the successful completion of all required pre-employment screenings, including a background check, in accordance with applicable laws and government contract requirements. Benefits & Perks Knox offers a competitive employee benefits package including Medical, Dental, Vision, Life & Disability, unlimited PEO, and an employee funded 401k plan. Please note, benefits are subject to change. We are an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, veteran status, or any other legally protected status. Apply tot his job Apply To this Job