DevSecOps Engineer-Experienced

About Pratt Miller an Oshkosh company

Pratt Miller is a product development company in motorsports defense and mobility industries providing clients with product engineering and low-volume production solutions. Our range of research & development engineering prototype manufacturing test & validation and low-rate production capability help our customers bring their high-quality products to market faster.

The DevSecOps Engineer is responsible for implementing secure development pipelines automation frameworks and compliant infrastructure to support defense programs operating under CMMC Level 2 and NIST 800-171/172 requirements. This role integrates security controls into cloud and on-prem environments supports continuous monitoring and vulnerability management and ensures systems hosting Controlled Unclassified Information (CUI) meet mission-critical performance and cybersecurity standards. This is a hands-on position that will work closely with software IT and security teams to deliver resilient secure and auditable solutions across defense projects.

ESSENTIAL FUNCTIONS AND SKILLS

Typical responsibilities include but are not limited to:

Project Execution

• Responsible for the design implementation and maintenance of secure DevSecOps infrastructure and delivery pipelines to support defense programs under CMMC Level 2 compliance.
• Implement security controls and automation within CI/CD pipelines using GitLab and related DevSecOps tooling.
• Ensure adherence to secure coding practices compliance with NIST SP 800-171/172 and CMMC Level 2 cybersecurity standards across software development and infrastructure management.
• Collaborate with defense software and cybersecurity teams to integrate automated testing vulnerability management and secure deployment strategies into cloud and on-prem environments.
• Assist in identifying technologies and tools that enhance security posture automation and compliance monitoring capabilities.

Customer Focus

• Maintain a customer-focused view of system security and DevSecOps process effectiveness across defense project initiatives.
• Participate in technical and compliance reviews with customers and stakeholders to ensure systems meet mission-critical availability reliability and security requirements.

Research

• Research and implement new technologies security tools and methodologies to enhance automation compliance and system resilience.
• Stay informed on evolving DoD cybersecurity standards cloud governance models and zero-trust architectures to ensure continuous compliance.

Collaboration

• Work across multidisciplinary engineering and IT teams integrating security controls within development and operational environments.
• Collaborate with network software and security engineers to ensure end-to-end protection of systems hosting Controlled Unclassified Information (CUI).
• Participate in design and code reviews infrastructure planning meetings and post-implementation security assessments.
• Work effectively with remote and hybrid teams using collaboration tools such as MatterMost and GitLab.

Problem Solving

• Demonstrate strong analytical thinking and problem-solving skills with the ability to address complex infrastructure and cybersecurity challenges.
• Leverage automation and monitoring to proactively identify and resolve performance or compliance issues within DevSecOps pipelines.

ADDITIONAL REQUIREMENTS

• Strong documentation skills for configurations compliance evidence and SOPs.
• Ability to clearly explain complex security concepts to both technical and non-technical audiences.
• Self-starter with a security-first mindset and the ability to manage multiple projects with minimal supervision.
• Collaborative and communicative with consistent effectiveness working across disciplines.

EDUCATION / CERTIFICATION / YEARS OF EXPERIENCE

• Bachelors degree in Computer Science Information Technology Cybersecurity or a related field; advanced degree preferred.
• Must meet the requirements for obtaining a U.S. Government clearance; active Secret or higher clearance preferred.
• Experience developing and maintaining secure CI/CD pipelines using GitLab Jenkins or Azure DevOps.
• Experience implementing automated security testing tools (SAST DAST SCA) and vulnerability management systems.
• Experience with CMMC Level 2 or NIST 800-171 compliance in defense or government environments.
• Experience managing secure infrastructure in AWS GovCloud Azure Government or on-prem DoD-accredited environments.

DESIRED SPECIALIZED SKILLS AND KNOWLEDGE

Technical Expertise

• Deep understanding of DevSecOps principles CI/CD and automation frameworks.
• Expertise in network architecture and security (TCP/IP VLANs VPNs firewalls IDS/IPS systems).
• Active Directory and Group Policy administration for secure identity and access management.
• Experience implementing zero-trust and least-privilege access models.
• Knowledge of cloud security configurations infrastructure-as-code (Terraform Ansible) and container orchestration (Docker Kubernetes).
• Familiarity with CMMC Level 2 DFARS 252.204-7012 and DoD cybersecurity frameworks.

Tools and Technologies

• Networking/Infrastructure/Security: TCP/IP VLAN VPN DNS zero-trust networking; firewalls; IDS/IPS; endpoint protection; Active Directory/Azure AD; log aggregation and monitoring (Prometheus Kibana Splunk Jaeger).
• DevSecOps / Automation Tools: GitLab Jenkins Azure DevOps Nexus Ansible Terraform; Docker and Kubernetes; SAST/DAST/fuzz testing/SBOM tools; OpenTelemetry; Prometheus; collaboration tools including MatterMost and Jira/Atlassian.
• Cloud Platforms: AWS GovCloud (EC2 Lambda Route 53 ECR CloudTrail); Azure Government (Virtual Machines IoT Hub Functions CosmosDB Azure Security Center).

WORK ENVIRONMENT & EXPECTATIONS

• Standard daytime schedule MondayFriday with flexibility for surge requirements or deadline-driven tasks.
• This is an on-site position in New Hudson MI.
• Some travel for customer engagement system integration or compliance activities.

Pay Range:

Oshkosh is committed to working with and offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability for any part of the recruitment process please contact our talent acquisition team by email .

Oshkosh Corporation is a merit-based Equal Opportunity opportunities are open for application to all qualified individuals and selection decisions are made without regard to race color religion sex national origin age disability veteran status or other protected characteristic. To the extent that information is provided or collected regarding categories as provided by law it will in no way affect the decision regarding an employment application.

Oshkosh Corporation will not discharge or in any manner discriminate against employees or applicants because they have inquired about discussed or disclosed their own pay or the pay of another employee or applicant. However employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information unless the disclosure is (a) in response to a formal complaint or charge (b) in furtherance of an investigation proceeding hearing or action including an investigation conducted by the employer or (c) consistent with Oshkosh Corporations legal duty to furnish information.

Certain positions with Oshkosh Corporation require access to controlled goods and technologies subject to the International Traffic in Arms Regulations or the Export Administration Regulations. Applicants for these positions may need to be U.S. Persons as defined in these regulations. Generally a U.S. Person is a U.S. citizen lawful permanent resident or an individual who has been admitted as a refugee or granted asylum.