This is a serious federal-compliance DevSecOps role for someone who can build secure pipelines, automate compliance, and drive an ATO like it’s a product. If you know DoD DevSecOps reference architecture, live in IaC, and can translate RMF controls into enforceable automation, this is your lane.
About GeoDelphi, Inc.
GeoDelphi (dba Whitespace) builds AI solutions for global leaders with geospatial analytics, high-cadence data feeds, and human expert-machine teaming. The company focuses on secure, compliant systems that support national security and federal requirements.
Schedule
- Remote (U.S. citizen required; must live in the contiguous United States)
- Full-time, W-2 employee (no third-party applications)
- Less than 10% travel
- Clearance preferred: U.S. Gov Secret or higher (preferred, not required)
- Location listed: Remote / Alexandria, VA
What You’ll Do
- Design, implement, and maintain secure CI/CD pipelines aligned to DoD Enterprise DevSecOps Reference Design (DSOP)
- Automate deployment of secure environments using Terraform, Ansible, or CloudFormation in DoD/FedRAMP-compliant systems
- Integrate SAST, DAST, container scanning, and security tools into pipelines for continuous compliance
- Implement and manage DoD STIGs, DISA baselines, and RMF controls using Infrastructure as Code
- Translate security controls into automated enforcement and validation inside CI/CD
- Build compliance validation tooling (OpenSCAP, Chef InSpec, PowerSTIG, etc.)
- Support RMF authorization documentation and continuous monitoring processes
- Implement and manage DevSecOps toolchains (GitLab, Jenkins, ArgoCD, Harbor, Nexus, SonarQube, Anchore, and similar)
- Automate container security and orchestrate deployments using Kubernetes (including Big Bang and Iron Bank images or similar)
- Manage secrets, credential rotation, and logging using Vault, approved KMS solutions, or AWS Secrets Manager
- Collaborate with security, dev, and ops teams to align with RMF, NIST SP 800-53, and/or FedRAMP
- Partner with ISSOs, ISSMs, and Security Control Assessors to build ATO packages
- Serve as an internal SME on federal compliance standards and cybersecurity practices
What You Need
- Bachelor’s degree in CS (or related) or equivalent experience
- 7+ years of hands-on DevSecOps experience (AI/ML or data-intensive systems experience noted)
- Strong knowledge of federal security compliance (NIST 800-53, RMF, FedRAMP)
- Hands-on cloud experience (AWS, Azure, or GCP) plus Docker/Kubernetes
- Experience with OpenShift and/or Kubernetes security hardening
- Knowledge of Zero Trust Architecture concepts
- Proven experience driving successful ATO processes
- Strong scripting/automation skills (Python, Bash, etc.)
- Strong leadership, communication, and documentation skills
- Active security clearance or eligibility to obtain one
Benefits
- Medical, dental, and vision plans
- Unlimited PTO plus paid federal holidays
- 12 weeks paid parental leave
- Employer-paid STD/LTD and life insurance
- 401(k) with employer match
- Professional development assistance
- Equity incentive plan
This is not a “DevOps with a security checkbox” job. They’re telling you up front: ATO is the mission. If you’ve actually been through RMF and can operationalize compliance instead of just writing docs, this could be a power move.
Build secure pipelines. Automate the controls. Keep the ATO alive.
Happy Hunting,
~Two Chicks…