Staff DevSecOps Engineer

About Bluestaq
At Bluestaq, we build secure data platforms that matter for space missions, national defense, healthcare systems, and commercial innovation. Founded in 2018, we've become a leader in enterprise software and secure data management by staying focused on what counts: modern architecture, operational excellence, and mission impact.

We're engineers, problem-solvers, and builders who take the mission seriously, but not ourselves. We automate the repeatable, question the status quo, and design systems that are as reliable as they are scalable. Whether we're supporting space, defense systems, or healthcare advancements, we build with the same principles: cloud-native solutions, security by design, and relentless simplicity.

Our name? "Blue" (military shorthand for the good guys) and "staq" (as in software stack). It's who we are, mission-aligned technologists building platforms that protect the world’s most valuable data.

Recognized Excellence We've earned national recognition as one of Inc. Magazine's Fastest-Growing Private Companies and consistently rank among Colorado's Best Workplaces. But what we're most proud of? The systems we build, the teams we develop, and the mission outcomes we enable.

About the Team

The BlueStaq DevSecOps Team designs, builds, and maintains the tools and platform power the Unified Data Library (UDL). We are looking for highly collaborative and security-minded engineers who will bring significant expertise, experience, and energy to our mission of ensuring the secure, reliable, and continuous delivery of our foundational data platform. 
 
Why This Role Matters 

As a DevSecOps Engineer, you will play a crucial role in building and maintaining the platform and tooling that enables secure, efficient software delivery for the Unified Data Library. You'll work hands-on with Kubernetes orchestration, infrastructure as code, and CI/CD pipelines to create seamless developer experiences while serving as a vital link between application teams and production environments. 

Your responsibilities will include designing and implementing deployment processes, integrating security scanning tools into development workflows, and managing automation. You'll modernize applications while establishing best practices that balance security, reliability, and developer velocity. This role requires strong technical expertise and the ability to work independently—you'll own solutions from design through implementation and ongoing support, validating that implementations align with business requirements and advocating for best practices across teams. 

You'll be expected to comprehend how medium-level tasks contribute to overall goals and provide accurate time and effort estimates. This position demands strong problem-solving skills, the ability to develop components independently, and comfort with debugging systems and reading/writing code in complex enterprise environments. 
 
Key Responsibilities: 

• Design, build, and maintain production environments and CI/CD pipelines for the Unified Data Library 
• Serve as the bridge between application development teams and the platform, facilitating communication and advocating security best practices 
• Implement and maintain infrastructure as code using tools like Terraform 
• Build and support Kubernetes clusters and containerized applications 
• Integrate security automation, scanning tools, and monitoring into development workflows 
• Modernize applications using Helm, containers, and CNCF best practices 
• Establish and facilitate automated deployment processes and GitOps workflows 
• Collaborate with cross-functional teams to integrate various components into a cohesive platform 
• Validate solutions to maintain platform integrity and efficiency 
• Contribute to architectural discussions on secure, cloud-native implementations  

Required Qualifications & Skills:  

• Strong experience with cloud environments (AWS and/or Azure/GCP) 
• Expertise in infrastructure-as-code (Terraform or similar) 
• Hands-on experience with CI/CD pipelines, GitLab/GitHub, and continuous delivery automation 
• Proficient with YAML and configuration management 
• Familiarity with GitOps workflows, including git-based declarative configuration and automated reconciliation 
• Familiarity with Kubernetes and container orchestration 
• Strong problem-solving skills and ability to work independently 
• Excellent communication skills and ability to collaborate with development teams 
• Comfort with debugging systems and performance instrumentation in complex enterprise environments 
• Knowledge of DevSecOps/DevOps theory and best practices 

Preferred Qualifications & Skills: 

• Demonstrated proficiency with Kubernetes and container orchestration 
• Proficiency in at least one programming language (e.g., Python, Go) and shell scripting 
• Experience with HashiCorp Vault 
• Experience with security automation, including API Security, Container Security, and Cloud Security 
• Experience with CNCF projects, Helm, Kustomize, and GitOps practices 
• Hands-on experience with GitOps tools such as ArgoCD and/or Flux for continuous deployment 
• Experience implementing and managing ArgoCD Application/ApplicationSets or Flux Kustomizations and HelmReleases 
• Experience with Big Bang framework for deploying and managing cloud-native applications 
• Understanding of Big Bang's package structure, values management, and integration patterns 
• Knowledge of Iron Bank hardened container images and their integration within Big Bang 
• Experience working in Agile environments 
• Experience with security scanning tools and compliance requirements 
• Experience with Department of Defense ATO (Authority to Operate) systems 
• Experience with C-ATO (Continuous Authority to Operate) processes 
• DoD 8570 IAT II certification 
• Certified Kubernetes Administrator (CKA) 
• Certified Kubernetes Security Specialist (CKS) 
• HashiCorp Terraform Associate 
• HashiCorp Vault Associate 
• Cloud Native Certifications 

Required Education and Experience: 

• Master’s degree in Engineering, Computer Science, or a related field and 4+ years of DevSecOps or related experience, OR 
• Bachelor’s degree in Engineering, Computer Science, or a related field and 6+ years of DevSecOps or related experience, OR 
• Associate degree in a related field and 8+ years of DevSecOps or related experience, OR 
• High School Diploma/GED and 10+ years of DevSecOps or related experience. 

Clearance Requirement: This position may require the ability to obtain a TS/SCI Clearance. To be eligible for a security clearance, U.S. citizenship is required, and an employee must agree to participate in a background screen and credit check. Eligibility for a TS/SCI Clearance will be assessed as part of the onboarding process or based on programmatic needs.

Physical Requirements:

• Prolonged periods of sitting at a desk and working on a computer.
• Must be able to lift up to 15 pounds at times.
• Must be able to access and navigate each department at the organization's facilities.

Relocation: This position does not offer relocation. Candidates must live in the immediate area or relocate at their own expense.

Bluestaq is an Equal Opportunity Employer. We prohibit unlawful discrimination against applicants or employees on the basis age 40 and over, color, disability, gender identity, genetic information, military or veteran status, national origin, race, religion, sex, sexual orientation, or any other status protected by state or local law.

Bluestaq will make reasonable accommodations for qualified individuals with known disabilities and employees whose work requirements interfere with a religious belief unless doing so would result in an undue hardship to Bluestaq or a direct threat. Employees needing such accommodation are instructed to contact Human Resources immediately at contact.us@bluestaq.com.

Date the Position Closes: Applications will be accepted for 60 days beyond the posting date, or until the position is filled, whichever comes first.