• Assist the finance team with monthly billing workflow execution, ensuring accuracy, auditability, and adherence to regulatory/SEC requirements. • Help design and build automated reporting and billing pipelines using AWS services and Terraform/Terragrunt-managed infrastructure. • Create tickets for required changes, improvements, or patches, drive these items through completion. • Manage secure compute environments (e.g., restricted-access EC2 instances) used for billing and regulatory batch workflows. • Maintain documentation, runbooks, checklists, and archival processes for billing artifacts and audit requirements. • Proactively initiate conversations and escalate when anomalies, risks, or high-importance issues are detected. • Address cloud security findings and coordinate remediation, with a focus on daily Tenable findings and high/critical vulnerabilities. • Disposition, categorize, and document findings to maintain compliance and audit readiness. • Oversee vendor patching operations for data-center or platform-related vulnerabilities. • Track SLA expectations for remediation and ensure timely closure. • Proactively initiate discussions if severe risks or unusual patterns emerge. • Collaborate with engineering and BI/DS functions on infrastructure needs, data source integration, and pipeline enhancements. • Support proof-of-concept efforts, prototype new tooling, and assist with vendor evaluations. • Help manage AWS infrastructure, permissions, and resource provisioning needed for BI and analytical workloads. • Proactively raise observations or concerns related to data quality, pipeline stability, or analytical tooling. • Assist the team in addressing ongoing technical debt, including cleanup, patching, refactoring, and modernization. • Take ownership of repetitive tasks, deployments, documentation, and operational workflows to reduce team overhead.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description BridgePhase is seeking multiple skilled DevSecOps Engineers to join our growing team supporting mission-critical Department of Defense software factory and cyber defense initiatives. In this role, you’ll help design, secure, and operate cloud-native platforms that enable rapid, resilient delivery of software in high-security environments. We are hiring for both fully remote positions and hybrid roles based in San Antonio, TX. Candidates local to San Antonio should expect a mix of onsite and remote work as part of a hybrid schedule. In this role, you can expect to: - Design and implement automated build, test, and deployment pipelines using DevSecOps best practices aligned with DoD cybersecurity objectives - Build, manage, and secure containerized environments using Kubernetes and Docker - Perform security hardening, performance tuning, and optimization of Kubernetes/EKS clusters in compliance with DoD, COSC, and platform guidelines - Develop and maintain Helm charts to support secure, repeatable Kubernetes deployments - Optimize Kubernetes resource allocation, autoscaling, and reliability to support dynamic mission workloads - Integrate security tooling and continuous scanning into CI/CD pipelines to enable rapid delivery of hardened code - Implement Infrastructure as Code (IaC) and Configuration as Code (CaC) using tools such as Terraform, Ansible, and Packer - Manage and optimize AWS cloud infrastructure with a focus on security, scalability, and reliability - Ensure compliance with security frameworks including NIST SP 800-53, DISA STIGs, and the DoD Enterprise DevSecOps Reference Design - Collaborate closely with development, security, and operations teams to support secure software delivery and cyber mission readiness - Contribute to continuous improvement, automation, and evolving operational needs within a fast-paced technical environment As with any technical environment, responsibilities may evolve over time. We’re looking for engineers who are adaptable, curious, and comfortable taking on new challenges as mission needs change. Qualifications - U.S. citizenship is required due to client needs. Eligibility and willingness to obtain a U.S. Government security clearance (active clearance preferred) - Strong understanding of industry best practices for building secure services in cloud-based IaaS, PaaS, and SaaS environments - Experience working in Agile delivery environments - Experience deploying and maintaining production workloads in at least one major cloud provider (AWS strongly preferred; Azure acceptable) - Experience building and maintaining automated CI/CD pipelines - Familiarity with Linux environments and scripting (Bash, Python, or similar) - Experience developing Infrastructure as Code (IaC) and Configuration as Code (CaC) solutions using tools such as Terraform, Ansible, Packer, and Helm - Ability to automate infrastructure provisioning, configuration, and operational tasks - Strong communication skills and ability to work in a collaborative, “badgeless” team environment with government and contractor partners Requirements - Hands-on experience in DevSecOps, CI/CD, cloud infrastructure, Kubernetes, SRE, or automation-focused operations roles - Experience working with Amazon EKS or other managed container platforms - Familiarity with implementing DevSecOps practices in DoD or other high-security environments - Experience supporting compliance and security requirements in regulated environments - Strong problem-solving skills with a mission-driven mindset - Bachelor’s degree in Computer Science, Engineering, Information Systems, or equivalent practical experience - Relevant certifications such as: AWS Solutions Architect (Associate or higher), Certified Kubernetes Administrator (CKA), or Certified Kubernetes Security Specialist (CKS) Benefits - Competitive compensation that reflects your skills and impact - Multiple bonus programs rewarding performance, company growth, and employee referrals - Flexible PTO with 20 days to use when you need them - All federal holidays paid to help you truly recharge - Paid sick leave because health always comes first - 100% paid parental leave - 401(k) with 6% match and no vesting period - Top-tier medical, dental, and vision plans with low out-of-pocket costs - Short- and long-term disability and life insurance included - Pet insurance to support your four-legged family - Annual professional development budget for training, certifications, and conferences - Two paid community service days for causes that matter to you - Social pod budget to connect with teammates wherever you live

• Design, build, and maintain CI/CD security controls that scale across repositories and teams (reusable pipeline components, templates, and standards). • Implement Kubernetes security architecture and guardrails (RBAC hardening, workload security baselines, admission policies, network policies, and safe multi-tenant patterns as applicable). • Improve container security end-to-end: base-image strategy, vulnerability scanning, registry controls, image signing, and promotion workflows. • Operationalize vulnerability management with risk-based prioritization, measurable remediation SLAs, and dashboards/metrics (MTTR, exposure trends, top recurring root causes). • Drive developer enablement: clear documentation, lightweight design reviews/threat modeling for high-impact changes, office hours, and high-signal guidance embedded in tooling. • This role builds and runs production security systems. • You'll ship code and infrastructure, not just recommendations • You'll own reliability and outcomes for the controls you build. • You'll respond to incidents and on-call rotation related to platform security controls and pipeline reliability (scope aligned with Platform/SRE).

• Build and operate production security controls across our AWS and Kubernetes platform. • Design and implement guardrails that make secure delivery the default—covering CI/CD security automation, software supply chain controls, and Kubernetes policy enforcement. • Co-own AWS security guardrails with Platform/SRE (IAM patterns, logging and detection, network and encryption baselines). • Partner with Security/GRC on control interpretation and evidence needs; implements controls in engineering systems and pipelines. • Maintain CI/CD security controls that scale across repositories and teams (reusable pipeline components, templates, and standards). • Improve container security end-to-end: base-image strategy, vulnerability scanning, registry controls, image signing, and promotion workflows.