Home › Companies › DF82F4FEC533913CE59D380DC7829351 › Senior DevSecOps Engineer, Government Systems Security & Compliance
Senior DevSecOps Engineer, Government Systems Security & Compliance
DF82F4FEC533913CE59D380DC7829351 · Apium - San Diego, CA 92121; 123 PENDING Street, San Diego, CA, 92121, USA · Remote · Active · $90,000–$124,000 / year · Paycom ATS
Job facts
| Field | Value |
|---|---|
| Company | DF82F4FEC533913CE59D380DC7829351 |
| Title | Senior DevSecOps Engineer, Government Systems Security & Compliance |
| Normalized title | - |
| Department / team | - |
| Location | San Diego, CA, United States |
| Work model | Remote / Remote |
| Employment type | - |
| Salary | $90,000–$124,000 / year |
| Status | active |
| ATS provider | Paycom ATS |
| Posted / first seen | 2026-04-17 / 2026-05-31 |
| Changed / last seen | 2026-05-31 / 2026-06-06 |
Related slices
| Page | What it contains | Open |
|---|---|---|
| Company jobs | Active postings from DF82F4FEC533913CE59D380DC7829351. | Open |
| Company breakdowns | Role, location, ATS, and work model facets for this company. | Open |
| ATS provider jobs | Active postings observed through Paycom ATS. | Open |
| Provider filtered search | The same provider as a filtered job collection. | Open |
| City jobs | Active postings in San Diego. | Open |
| Work model jobs | Active Remote postings. | Open |
| Lifecycle events | Open, update, close, and reopen events for this posting. | Open |
| Original posting | Canonical source or apply URL captured from the ATS. | Open |
Linked records
| Company | DF82F4FEC533913CE59D380DC7829351 |
| Source | e4f1eccd-b038-47ec-a09c-02b91cca1ccb |
| ATS provider | Paycom ATS |
Description
Description
Position Summary
Apium Swarm Robotics (ASR) is revolutionizing swarm autonomy software for air, surface, undersea, and ground vehicles operating across dual-use commercial and defense environments. Our systems are deployed on real platforms, tested in the field, and delivered to customers operating in complex, uncertain, and safety-critical conditions.
We do not build research prototypes or slideware. Our software is integrated into real vehicles, tested in the field, and delivered to customers who depend on operational reliability, speed of execution, and mission relevance. We prioritize performance over hype.
ASR systems represent the next phase in autonomy: collaborative swarming. These are not like pre-programmed drones for light shows. We are creating real-time cooperative management that lets one operator control dozens to hundreds of vehicles in real-time with the ease of controlling a single vehicle. As such, this role requires comfort with responsibility, ambiguity, and operational accountability.
ASR seeks a Senior DevSecOps Engineer to build the company’s government-grade security and compliance engineering practice from the ground up. You will architect the CI/CD security pipeline, own our CMMC compliance posture, and deliver software artifacts that are accreditable under applicable NIST frameworks for operational technology.
This is not a traditional IT security role. ASR builds embedded, safety-critical systems for unmanned platforms. You must understand OT security requirements and apply them appropriately to firmware, autopilot-layer software, and ground control systems — not just enterprise IT frameworks.
Unlike almost any other robotics company, ASR’s advanced SITL suite allows developers to work from home. Travel for testing and demonstrations will allow you to witness firsthand your contributions as dozens of drones take flight.
Essential Duties and Responsibilities
Design and implement CI/CD security gates (SAST, dependency scanning, secrets detection, SBOM generation) across ASR’s version control organization (GitHub, GitLab, or equivalent)
Establish structured artifact management with semantic versioning, signed releases, and audit-traceable build provenance; manage release pipelines across incrementally constrained compliance tiers (commercial, CMMC-controlled, SIPRNet-classified)
Own CMMC Level 2 compliance posture; develop and maintain SSP, POA&M, and ATO/IATT support documentation for government program deliveries
Apply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm communications protocols
Implement technical controls for CUI handling, export-controlled repository access, and ITAR/EAR compliance in development workflows
Define threat modeling and SSDF (NIST SP 800-218) practices; maintain SBOM generation per EO 14028 and DoD supply chain requirements
Ensure source control organization meets required security standards: MFA applied as required, least-privilege access controls maintained, audit logging confirmed, and third-party application permissions managed
Support corporate IT integration: align ASR’s development environment with broader CMMC and CUI enclave requirements as the company scales
Required Qualifications
Active Secret clearance or demonstrated ability and willingness to obtain one
5+ years of DevSecOps, security engineering, or information assurance experience, with at least 2 years in a DoD or defense contractor environment
Working knowledge of CMMC 2.0 Level 2 requirements and assessment processes
Practical experience with GitHub Actions, GitLab CI, or equivalent CI/CD platforms, including writing custom pipeline configurations for security automation
Ability to read and reason about C++ and Python codebases for threat modeling, SAST triage, and vulnerability assessment.
Understanding of OT/embedded system security distinctions from enterprise IT; ability to apply NIST 800-82 to firmware and autopilot-layer software
Experience with SBOM generation tooling (e.g., Syft, CycloneDX, SPDX) and DoD supply chain security requirements
Familiarity with ITAR/EAR technical controls: CUI handling, export-controlled repository access, and developer access management
Comfort working independently with limited oversight; ability to remain calm and effective under operational pressure
Additional Desired Qualifications
BS in Computer Science or related field preferred
Experience authoring NIST SP 800-171 SSP and POA&M documentation in a DoD or defense contractor environment
Experience managing release pipelines across incrementally constrained compliance environments (e.g., commercial release, CMMC-controlled distribution, SIPRNet-classified behaviors)
CMMC Registered Practitioner (RP) or Certified Professional (CP); DoD 8570/8140 compliant certification (CISSP, Security+, or equivalent)
Familiarity with RMF and DISA STIG applicability for Linux-based embedded systems
Experience with Android application security including APK signing and MDM for government tablet deployments
Prior work on UAS, robotics, or autonomous systems; familiarity with PX4/ArduPilot is a differentiator
Experience with ATAK/WinTAK plugin security and TAK server CUI handling
Active TS/SCI clearance
Physical Requirements and Working Conditions
Must be able to walk, stand, and navigate large indoor and outdoor facilities for extended periods of time.
Ability to lift, carry, and move materials and equipment weighing up to 25 lbs on a regular basis.
Use of personal protective equipment (PPE) may be required in designated areas or when performing specific tasks, in accordance with safety protocols and company policy.
May be required to climb ladders, stoop, kneel, or crouch during inspections, maintenance walk-throughs, or emergency response situations.
Regular exposure to facility operations including noise, dust, temperature fluctuations, and industrial equipment.
Occasional off-hours or weekend work required for emergency facility responses or projects as needed
Requires frequent use of a computer and other standard office equipment for documentation, communication, and coordination tasks.
Background Check
This position will require successfully completing a post-offer background check. Qualified candidates with a criminal history will be considered and are not automatically disqualified, consistent with federal and state law.
EEO and ITAR/EAR Work Authorization Disclosure
Red Cat Holdings provides equal employment opportunities (EEO) to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This position requires direct or indirect access to hardware, software, technology or technical data controlled under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). Successful candidates for positions subject to ITAR/EAR restrictions must provide proof of U.S. Citizenship or Permanent Residence and must not require sponsorship for export-restricted work authorization.
E-Verify
The company participates E-Verify ensure eligibility for employment and compliance with Right to Work rules.
Compensation: Base pay, plus generous annual equity package and potential bonuses.
Full job record
| Job ID | b948def413d0e6506df4ff694fd338a7045e1ec0 |
| Org ID | 0ba30d0c-7802-468e-8b2f-34b1ccb00b80 |
| Source ID | e4f1eccd-b038-47ec-a09c-02b91cca1ccb |
| Board ID | e4f1eccd-b038-47ec-a09c-02b91cca1ccb |
| Provider | paycom |
| Provider Job Key | 331260 |
| Title | Senior DevSecOps Engineer, Government Systems Security & Compliance |
| Normalized Title | — |
| Status | active |
| Active | yes |
| Location Text | Apium - San Diego, CA 92121; 123 PENDING Street, San Diego, CA, 92121, USA |
| Department | — |
| Team | — |
| Employment Type | — |
| Workplace Type | remote |
| Remote Policy | remote |
| Country | United States |
| Region | CA |
| City | San Diego |
| Salary Raw | $90,000.00 - $124,000.00 Salary |
| Salary Min | 90,000 |
| Salary Max | 124,000 |
| Salary Currency | USD |
| Salary Period | year |
| Source URL | https://www.paycomonline.net/v4/ats/web.php/jobs/ViewJobDetails?job=331260&clientkey=DF82F4FEC533913CE59D380DC7829351 |
| Apply URL | https://www.paycomonline.net/v4/ats/web.php/jobs/ViewJobDetails?job=331260&clientkey=DF82F4FEC533913CE59D380DC7829351 |
| First Seen At | 2026-05-31 19:07:33Z |
| Last Seen At | 2026-06-06 09:56:47Z |
| Last Checked At | 2026-06-06 09:56:47Z |
| Last Changed At | 2026-05-31 19:07:33Z |
| Inactive At | — |
| Source Posted At | 2026-04-17 00:00:00Z |
| Source Updated At | — |
| Raw Payload Uri | s3://job-postings-prod-raw-590183727216/raw/provider=paycom/board=DF82F4FEC533913CE59D380DC7829351/date=2026-06-06/2026-06-06T09-56-44-363Z-a0c8d982320da1511638f43850ba561af7715b67f8cc9cc32c31e5762e8ec4eb.json |
Event Fields
{
"content_hash": "943ede4157167959d1e6a84e42603ca63b4d433d344229af837beac6b219447b",
"source_hash": "e8d94804c46c9de9ecf34ff55422e0e327d0b671cd15c79ec90609179d04b24c",
"last_changed_at": "2026-05-31T19:07:33.518Z",
"active_status": "active"
}Parsed Structured
{
"language": "en",
"location": {
"raw": "Apium - San Diego, CA 92121; 123 PENDING Street, San Diego, CA, 92121, USA",
"city": "San Diego",
"region": "CA",
"country": "United States",
"is_remote": true,
"confidence": 0.8
},
"salary_max": 124000,
"salary_min": 90000,
"inferred_at": "2026-06-06T09:56:47.208Z",
"launch_scope": {
"reason": "english_us_canada",
"included": true,
"language": "en",
"location": {
"raw": "Apium - San Diego, CA 92121; 123 PENDING Street, San Diego, CA, 92121, USA",
"city": "San Diego",
"region": "CA",
"country": "United States",
"is_remote": true,
"confidence": 0.8
},
"countries": [
"United States"
]
},
"remote_policy": "remote",
"salary_period": "year",
"workplace_type": "remote",
"salary_currency": "USD"
}Extensions
{}Native Structured
{
"detail": {
"city": "San Diego",
"jobId": 331260,
"level": "",
"endDate": "",
"legalId": 107,
"isHotJob": false,
"jobShift": "",
"jobTitle": "Senior DevSecOps Engineer, Government Systems Security & Compliance",
"location": "Apium - San Diego, CA 92121",
"startDate": "",
"clientCode": "0YV04",
"remoteType": "Fully Remote",
"description": "<p><strong><span style=\"font-family:Arial,sans-serif\">Position Summary</span></strong></p>\n\n<div style=\"margin-top:8px; text-align:center; text-indent:-.1pt\">\n<hr /></div>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><strong><span style=\"font-family:"Arial",sans-serif\">Apium Swarm Robotics</span></strong><span style=\"font-family:"Arial",sans-serif\"> (ASR) is revolutionizing swarm autonomy software for air, surface, undersea, and ground vehicles operating across dual-use commercial and defense environments. Our systems are deployed on real platforms, tested in the field, and delivered to customers operating in complex, uncertain, and safety-critical conditions.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">We do not build research prototypes or slideware. Our software is integrated into real vehicles, tested in the field, and delivered to customers who depend on operational reliability, speed of execution, and mission relevance. We prioritize performance over hype.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">ASR systems represent the next phase in autonomy: collaborative swarming. These are not like pre-programmed drones for light shows. We are creating real-time cooperative management that lets one operator control dozens to hundreds of vehicles in real-time with the ease of controlling a single vehicle. As such, this role requires comfort with responsibility, ambiguity, and operational accountability.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">ASR seeks a Senior DevSecOps Engineer to build the company’s government-grade security and compliance engineering practice from the ground up. You will architect the CI/CD security pipeline, own our CMMC compliance posture, and deliver software artifacts that are accreditable under applicable NIST frameworks for operational technology.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">This is not a traditional IT security role. ASR builds embedded, safety-critical systems for unmanned platforms. You must understand OT security requirements and apply them appropriately to firmware, autopilot-layer software, and ground control systems — not just enterprise IT frameworks.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Unlike almost any other robotics company, ASR’s advanced SITL suite allows developers to work from home. Travel for testing and demonstrations will allow you to witness firsthand your contributions as dozens of drones take flight.</span></span></p>\n\n<div style=\"text-align:center; text-indent:0in\">\n<hr /></div>\n\n<p><strong><span style=\"font-family:Arial,sans-serif\">Essential Duties and Responsibilities</span></strong></p>\n\n<div style=\"margin-top:8px; text-align:center; text-indent:-.1pt\">\n<hr /></div>\n\n<ul>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Design and implement CI/CD security gates (SAST, dependency scanning, secrets detection, SBOM generation) across ASR’s version control organization (GitHub, GitLab, or equivalent)</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Establish structured artifact management with semantic versioning, signed releases, and audit-traceable build provenance; manage release pipelines across incrementally constrained compliance tiers (commercial, CMMC-controlled, SIPRNet-classified)</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Own CMMC Level 2 compliance posture; develop and maintain SSP, POA&M, and ATO/IATT support documentation for government program deliveries</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Apply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm communications protocols</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Implement technical controls for CUI handling, export-controlled repository access, and ITAR/EAR compliance in development workflows</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Define threat modeling and SSDF (NIST SP 800-218) practices; maintain SBOM generation per EO 14028 and DoD supply chain requirements</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Ensure source control organization meets required security standards: MFA applied as required, least-privilege access controls maintained, audit logging confirmed, and third-party application permissions managed</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Support corporate IT integration: align ASR’s development environment with broader CMMC and CUI enclave requirements as the company scales</span></span></li>\n</ul>\n\n<div style=\"text-align:center; text-indent:0in\">\n<hr /></div>\n\n<p><strong><span style=\"font-family:Arial,sans-serif\">Required Qualifications</span></strong></p>\n\n<div style=\"margin-top:8px; text-align:center; text-indent:-.1pt\">\n<hr /></div>\n\n<ul>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Active Secret clearance or demonstrated ability and willingness to obtain one</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">5+ years of DevSecOps, security engineering, or information assurance experience, with at least 2 years in a DoD or defense contractor environment</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Working knowledge of CMMC 2.0 Level 2 requirements and assessment processes</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Practical experience with GitHub Actions, GitLab CI, or equivalent CI/CD platforms, including writing custom pipeline configurations for security automation</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Ability to read and reason about C++ and Python codebases for threat modeling, SAST triage, and vulnerability assessment.</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Understanding of OT/embedded system security distinctions from enterprise IT; ability to apply NIST 800-82 to firmware and autopilot-layer software</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Experience with SBOM generation tooling (e.g., Syft, CycloneDX, SPDX) and DoD supply chain security requirements</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Familiarity with ITAR/EAR technical controls: CUI handling, export-controlled repository access, and developer access management</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Comfort working independently with limited oversight; ability to remain calm and effective under operational pressure</span></span></li>\n</ul>\n\n<div style=\"text-align:center; text-indent:0in\">\n<hr /></div>\n\n<p><strong><span style=\"font-family:Arial,sans-serif\">Additional Desired Qualifications</span></strong></p>\n\n<div style=\"margin-top:8px; text-align:center; text-indent:-.1pt\">\n<hr /></div>\n\n<ul>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">BS in Computer Science or related field preferred</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Experience authoring NIST SP 800-171 SSP and POA&M documentation in a DoD or defense contractor environment</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Experience managing release pipelines across incrementally constrained compliance environments (e.g., commercial release, CMMC-controlled distribution, SIPRNet-classified behaviors)</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">CMMC Registered Practitioner (RP) or Certified Professional (CP); DoD 8570/8140 compliant certification (CISSP, Security+, or equivalent)</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Familiarity with RMF and DISA STIG applicability for Linux-based embedded systems</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Experience with Android application security including APK signing and MDM for government tablet deployments</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Prior work on UAS, robotics, or autonomous systems; familiarity with PX4/ArduPilot is a differentiator</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Experience with ATAK/WinTAK plugin security and TAK server CUI handling</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Active TS/SCI clearance</span></span></li>\n</ul>\n\n<div style=\"text-align:center; text-indent:0in\">\n<p> </p>\n\n<hr /></div>\n\n<p><strong><span style=\"font-family:Arial,sans-serif\">Physical Requirements and Working Conditions</span></strong></p>\n\n<div style=\"margin-top:8px; text-align:center; text-indent:-.1pt\">\n<hr /></div>\n\n<ul>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Must be able to walk, stand, and navigate large indoor and outdoor facilities for extended periods of time.</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Ability to lift, carry, and move materials and equipment weighing up to 25 lbs on a regular basis.</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Use of personal protective equipment (PPE) may be required in designated areas or when performing specific tasks, in accordance with safety protocols and company policy.</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">May be required to climb ladders, stoop, kneel, or crouch during inspections, maintenance walk-throughs, or emergency response situations.</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Regular exposure to facility operations including noise, dust, temperature fluctuations, and industrial equipment.</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Occasional off-hours or weekend work required for emergency facility responses or projects as needed</span></span></li>\n\t<li><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Requires frequent use of a computer and other standard office equipment for documentation, communication, and coordination tasks.</span></span></li>\n</ul>\n\n<div style=\"margin-bottom:13px; margin-top:13px; text-align:center; text-indent:0in\">\n<hr /></div>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><strong><span style=\"font-family:"Arial",sans-serif\">Background</span></strong> <strong><span style=\"font-family:"Arial",sans-serif\">Check</span></strong></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">This position will require successfully completing a post-offer background check. Qualified candidates with a criminal history will be considered and are not automatically disqualified, consistent with federal and state law.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><strong><span style=\"font-family:"Arial",sans-serif\">EEO and ITAR/EAR Work Authorization Disclosure</span></strong></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Red Cat Holdings provides equal employment opportunities (EEO) to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This position requires direct or indirect access to hardware, software, technology or technical data controlled under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). Successful candidates for positions subject to ITAR/EAR restrictions must provide proof of U.S. Citizenship or Permanent Residence and must not require sponsorship for export-restricted work authorization.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><strong><span style=\"font-family:"Arial",sans-serif\">E-Verify</span></strong></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">The company participates </span><a href=\"https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf\"><span style=\"font-family:"Arial",sans-serif\">E-Verify</span></a><span style=\"font-family:"Arial",sans-serif\"> ensure eligibility for employment and compliance with </span><a href=\"https://www.e-verify.gov/sites/default/files/everify/posters/IER_RightToWorkPoster%20Eng_Es.pdf\"><span style=\"font-family:"Arial",sans-serif\">Right to Work</span></a><span style=\"font-family:"Arial",sans-serif\"> rules.</span></span></p>\n\n<p><span style=\"font-family:"Times New Roman",serif\"><span style=\"font-family:"Arial",sans-serif\">Compensation: Base pay, plus generous annual equity package and potential bonuses.</span></span></p>\n",
"jobCategory": "",
"salaryRange": "$90,000.00 - $124,000.00 Salary",
"socialMedia": {
"xLink": null,
"emailLink": null,
"facebookLink": null,
"linkedInLink": null
},
"isQuickApply": false,
"positionType": "",
"countryPaidIn": "",
"googleJobJson": "{\"@context\":\"https://schema.org/\",\"@type\":\"JobPosting\",\"title\":\"Senior DevSecOps Engineer, Government Systems Security & Compliance\",\"identifier\":\"J0YV04331260\",\"url\":\"https://www.paycomonline.net/v4/ats/web.php/portal/DF82F4FEC533913CE59D380DC7829351/jobs/331260\",\"image\":\"https://www.paycomonline.net/v4/ats/web.php/application/style/logo?clientkey=DF82F4FEC533913CE59D380DC7829351\",\"baseSalary\":{\"@type\":\"MonetaryAmount\",\"currency\":\"USD\",\"value\":{\"@type\":\"QuantitativeValue\",\"minValue\":90000,\"maxValue\":124000,\"unitText\":\"\"}},\"datePosted\":\"2026-04-17\",\"description\":\"Job DetailsJob Location: Apium - San Diego, CA 92121Salary Range: $90,000.00 - $124,000.00 SalaryPosition Summary\\n\\n\\n\\n\\nApium Swarm Robotics (ASR) is revolutionizing swarm autonomy software for air, surface, undersea, and ground vehicles operating across dual-use commercial and defense environments. Our systems are deployed on real platforms, tested in the field, and delivered to customers operating in complex, uncertain, and safety-critical conditions.\\n\\nWe do not build research prototypes or slideware. Our software is integrated into real vehicles, tested in the field, and delivered to customers who depend on operational reliability, speed of execution, and mission relevance. We prioritize performance over hype.\\n\\nASR systems represent the next phase in autonomy: collaborative swarming. These are not like pre-programmed drones for light shows. We are creating real-time cooperative management that lets one operator control dozens to hundreds of vehicles in real-time with the ease of controlling a single vehicle. As such, this role requires comfort with responsibility, ambiguity, and operational accountability.\\n\\nASR seeks a Senior DevSecOps Engineer to build the company’s government-grade security and compliance engineering practice from the ground up. You will architect the CI/CD security pipeline, own our CMMC compliance posture, and deliver software artifacts that are accreditable under applicable NIST frameworks for operational technology.\\n\\nThis is not a traditional IT security role. ASR builds embedded, safety-critical systems for unmanned platforms. You must understand OT security requirements and apply them appropriately to firmware, autopilot-layer software, and ground control systems — not just enterprise IT frameworks.\\n\\nUnlike almost any other robotics company, ASR’s advanced SITL suite allows developers to work from home. Travel for testing and demonstrations will allow you to witness firsthand your contributions as dozens of drones take flight.\\n\\n\\n\\n\\nEssential Duties and Responsibilities\\n\\n\\n\\n\\n\\n\\tDesign and implement CI/CD security gates (SAST, dependency scanning, secrets detection, SBOM generation) across ASR’s version control organization (GitHub, GitLab, or equivalent)\\n\\tEstablish structured artifact management with semantic versioning, signed releases, and audit-traceable build provenance; manage release pipelines across incrementally constrained compliance tiers (commercial, CMMC-controlled, SIPRNet-classified)\\n\\tOwn CMMC Level 2 compliance posture; develop and maintain SSP, POA&M, and ATO/IATT support documentation for government program deliveries\\n\\tApply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm communications protocols\\n\\tImplement technical controls for CUI handling, export-controlled repository access, and ITAR/EAR compliance in development workflows\\n\\tDefine threat modeling and SSDF (NIST SP 800-218) practices; maintain SBOM generation per EO 14028 and DoD supply chain requirements\\n\\tEnsure source control organization meets required security standards: MFA applied as required, least-privilege access controls maintained, audit logging confirmed, and third-party application permissions managed\\n\\tSupport corporate IT integration: align ASR’s development environment with broader CMMC and CUI enclave requirements as the company scales\\n\\n\\n\\n\\n\\nRequired Qualifications\\n\\n\\n\\n\\n\\n\\tActive Secret clearance or demonstrated ability and willingness to obtain one\\n\\t5+ years of DevSecOps, security engineering, or information assurance experience, with at least 2 years in a DoD or defense contractor environment\\n\\tWorking knowledge of CMMC 2.0 Level 2 requirements and assessment processes\\n\\tPractical experience with GitHub Actions, GitLab CI, or equivalent CI/CD platforms, including writing custom pipeline configurations for security automation\\n\\tAbility to read and reason about C++ and Python codebases for threat modeling, SAST triage, and vulnerability assessment.\\n\\tUnderstanding of OT/embedded system security distinctions from enterprise IT; ability to apply NIST 800-82 to firmware and autopilot-layer software\\n\\tExperience with SBOM generation tooling (e.g., Syft, CycloneDX, SPDX) and DoD supply chain security requirements\\n\\tFamiliarity with ITAR/EAR technical controls: CUI handling, export-controlled repository access, and developer access management\\n\\tComfort working independently with limited oversight; ability to remain calm and effective under operational pressure\\n\\n\\n\\n\\n\\nAdditional Desired Qualifications\\n\\n\\n\\n\\n\\n\\tBS in Computer Science or related field preferred\\n\\tExperience authoring NIST SP 800-171 SSP and POA&M documentation in a DoD or defense contractor environment\\n\\tExperience managing release pipelines across incrementally constrained compliance environments (e.g., commercial release, CMMC-controlled distribution, SIPRNet-classified behaviors)\\n\\tCMMC Registered Practitioner (RP) or Certified Professional (CP); DoD 8570/8140 compliant certification (CISSP, Security+, or equivalent)\\n\\tFamiliarity with RMF and DISA STIG applicability for Linux-based embedded systems\\n\\tExperience with Android application security including APK signing and MDM for government tablet deployments\\n\\tPrior work on UAS, robotics, or autonomous systems; familiarity with PX4/ArduPilot is a differentiator\\n\\tExperience with ATAK/WinTAK plugin security and TAK server CUI handling\\n\\tActive TS/SCI clearance\\n\\n\\n\\n \\n\\n\\n\\nPhysical Requirements and Working Conditions\\n\\n\\n\\n\\n\\n\\tMust be able to walk, stand, and navigate large indoor and outdoor facilities for extended periods of time.\\n\\tAbility to lift, carry, and move materials and equipment weighing up to 25 lbs on a regular basis.\\n\\tUse of personal protective equipment (PPE) may be required in designated areas or when performing specific tasks, in accordance with safety protocols and company policy.\\n\\tMay be required to climb ladders, stoop, kneel, or crouch during inspections, maintenance walk-throughs, or emergency response situations.\\n\\tRegular exposure to facility operations including noise, dust, temperature fluctuations, and industrial equipment.\\n\\tOccasional off-hours or weekend work required for emergency facility responses or projects as needed\\n\\tRequires frequent use of a computer and other standard office equipment for documentation, communication, and coordination tasks.\\n\\n\\n\\n\\n\\nBackground Check\\n\\nThis position will require successfully completing a post-offer background check. Qualified candidates with a criminal history will be considered and are not automatically disqualified, consistent with federal and state law.\\n\\nEEO and ITAR/EAR Work Authorization Disclosure\\n\\nRed Cat Holdings provides equal employment opportunities (EEO) to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This position requires direct or indirect access to hardware, software, technology or technical data controlled under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). Successful candidates for positions subject to ITAR/EAR restrictions must provide proof of U.S. Citizenship or Permanent Residence and must not require sponsorship for export-restricted work authorization.\\n\\nE-Verify\\n\\nThe company participates E-Verify ensure eligibility for employment and compliance with Right to Work rules.\\n\\nCompensation: Base pay, plus generous annual equity package and potential bonuses.\\nQualifications\",\"responsibilities\":\"Position Summary\\n\\n\\n\\n\\nApium Swarm Robotics (ASR) is revolutionizing swarm autonomy software for air, surface, undersea, and ground vehicles operating across dual-use commercial and defense environments. Our systems are deployed on real platforms, tested in the field, and delivered to customers operating in complex, uncertain, and safety-critical conditions.\\n\\nWe do not build research prototypes or slideware. Our software is integrated into real vehicles, tested in the field, and delivered to customers who depend on operational reliability, speed of execution, and mission relevance. We prioritize performance over hype.\\n\\nASR systems represent the next phase in autonomy: collaborative swarming. These are not like pre-programmed drones for light shows. We are creating real-time cooperative management that lets one operator control dozens to hundreds of vehicles in real-time with the ease of controlling a single vehicle. As such, this role requires comfort with responsibility, ambiguity, and operational accountability.\\n\\nASR seeks a Senior DevSecOps Engineer to build the company’s government-grade security and compliance engineering practice from the ground up. You will architect the CI/CD security pipeline, own our CMMC compliance posture, and deliver software artifacts that are accreditable under applicable NIST frameworks for operational technology.\\n\\nThis is not a traditional IT security role. ASR builds embedded, safety-critical systems for unmanned platforms. You must understand OT security requirements and apply them appropriately to firmware, autopilot-layer software, and ground control systems — not just enterprise IT frameworks.\\n\\nUnlike almost any other robotics company, ASR’s advanced SITL suite allows developers to work from home. Travel for testing and demonstrations will allow you to witness firsthand your contributions as dozens of drones take flight.\\n\\n\\n\\n\\nEssential Duties and Responsibilities\\n\\n\\n\\n\\n\\n\\tDesign and implement CI/CD security gates (SAST, dependency scanning, secrets detection, SBOM generation) across ASR’s version control organization (GitHub, GitLab, or equivalent)\\n\\tEstablish structured artifact management with semantic versioning, signed releases, and audit-traceable build provenance; manage release pipelines across incrementally constrained compliance tiers (commercial, CMMC-controlled, SIPRNet-classified)\\n\\tOwn CMMC Level 2 compliance posture; develop and maintain SSP, POA&M, and ATO/IATT support documentation for government program deliveries\\n\\tApply NIST SP 800-82 OT security controls to embedded flight software, GCS services, and swarm communications protocols\\n\\tImplement technical controls for CUI handling, export-controlled repository access, and ITAR/EAR compliance in development workflows\\n\\tDefine threat modeling and SSDF (NIST SP 800-218) practices; maintain SBOM generation per EO 14028 and DoD supply chain requirements\\n\\tEnsure source control organization meets required security standards: MFA applied as required, least-privilege access controls maintained, audit logging confirmed, and third-party application permissions managed\\n\\tSupport corporate IT integration: align ASR’s development environment with broader CMMC and CUI enclave requirements as the company scales\\n\\n\\n\\n\\n\\nRequired Qualifications\\n\\n\\n\\n\\n\\n\\tActive Secret clearance or demonstrated ability and willingness to obtain one\\n\\t5+ years of DevSecOps, security engineering, or information assurance experience, with at least 2 years in a DoD or defense contractor environment\\n\\tWorking knowledge of CMMC 2.0 Level 2 requirements and assessment processes\\n\\tPractical experience with GitHub Actions, GitLab CI, or equivalent CI/CD platforms, including writing custom pipeline configurations for security automation\\n\\tAbility to read and reason about C++ and Python codebases for threat modeling, SAST triage, and vulnerability assessment.\\n\\tUnderstanding of OT/embedded system security distinctions from enterprise IT; ability to apply NIST 800-82 to firmware and autopilot-layer software\\n\\tExperience with SBOM generation tooling (e.g., Syft, CycloneDX, SPDX) and DoD supply chain security requirements\\n\\tFamiliarity with ITAR/EAR technical controls: CUI handling, export-controlled repository access, and developer access management\\n\\tComfort working independently with limited oversight; ability to remain calm and effective under operational pressure\\n\\n\\n\\n\\n\\nAdditional Desired Qualifications\\n\\n\\n\\n\\n\\n\\tBS in Computer Science or related field preferred\\n\\tExperience authoring NIST SP 800-171 SSP and POA&M documentation in a DoD or defense contractor environment\\n\\tExperience managing release pipelines across incrementally constrained compliance environments (e.g., commercial release, CMMC-controlled distribution, SIPRNet-classified behaviors)\\n\\tCMMC Registered Practitioner (RP) or Certified Professional (CP); DoD 8570/8140 compliant certification (CISSP, Security+, or equivalent)\\n\\tFamiliarity with RMF and DISA STIG applicability for Linux-based embedded systems\\n\\tExperience with Android application security including APK signing and MDM for government tablet deployments\\n\\tPrior work on UAS, robotics, or autonomous systems; familiarity with PX4/ArduPilot is a differentiator\\n\\tExperience with ATAK/WinTAK plugin security and TAK server CUI handling\\n\\tActive TS/SCI clearance\\n\\n\\n\\n \\n\\n\\n\\nPhysical Requirements and Working Conditions\\n\\n\\n\\n\\n\\n\\tMust be able to walk, stand, and navigate large indoor and outdoor facilities for extended periods of time.\\n\\tAbility to lift, carry, and move materials and equipment weighing up to 25 lbs on a regular basis.\\n\\tUse of personal protective equipment (PPE) may be required in designated areas or when performing specific tasks, in accordance with safety protocols and company policy.\\n\\tMay be required to climb ladders, stoop, kneel, or crouch during inspections, maintenance walk-throughs, or emergency response situations.\\n\\tRegular exposure to facility operations including noise, dust, temperature fluctuations, and industrial equipment.\\n\\tOccasional off-hours or weekend work required for emergency facility responses or projects as needed\\n\\tRequires frequent use of a computer and other standard office equipment for documentation, communication, and coordination tasks.\\n\\n\\n\\n\\n\\nBackground Check\\n\\nThis position will require successfully completing a post-offer background check. Qualified candidates with a criminal history will be considered and are not automatically disqualified, consistent with federal and state law.\\n\\nEEO and ITAR/EAR Work Authorization Disclosure\\n\\nRed Cat Holdings provides equal employment opportunities (EEO) to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This position requires direct or indirect access to hardware, software, technology or technical data controlled under the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR). Successful candidates for positions subject to ITAR/EAR restrictions must provide proof of U.S. Citizenship or Permanent Residence and must not require sponsorship for export-restricted work authorization.\\n\\nE-Verify\\n\\nThe company participates E-Verify ensure eligibility for employment and compliance with Right to Work rules.\\n\\nCompensation: Base pay, plus generous annual equity package and potential bonuses.\\n\",\"employmentType\":\"OTHER\",\"hiringOrganization\":{\"@type\":\"Organization\",\"name\":\"RED CAT HOLDINGS\",\"logo\":\"https://www.paycomonline.net/v4/ats/web.php/application/style/logo?clientkey=DF82F4FEC533913CE59D380DC7829351\"},\"jobLocation\":{\"@type\":\"Place\",\"address\":{\"streetAddress\":\"123 PENDING Street\",\"addressLocality\":\"San Diego\",\"addressRegion\":\"CA\",\"postalCode\":92121,\"addressCountry\":\"USA\"}},\"validThrough\":\"-0001-11-30\"}",
"applyAvailable": true,
"educationLevel": "",
"qualifications": "",
"descriptionTitle": "Description",
"travelPercentage": "",
"jobYoutubeVideoId": "",
"legalRevisionDate": {
"date": "2025-07-11T19:04:21.000Z",
"timezone": "America/Chicago",
"timezone_type": 3
},
"secondaryLocations": [],
"primaryPhoneCountry": "US",
"primaryPhoneEnabled": true,
"qualificationsTitle": "Qualifications",
"primaryPhoneRequired": true,
"primaryPhoneNumberDoesNotExist": false
},
"preview": {
"jobId": 331260,
"isHotJob": false,
"jobTitle": "Senior DevSecOps Engineer, Government Systems Security & Compliance",
"postedOn": "",
"locations": "Apium - San Diego, CA 92121",
"remoteType": "Fully Remote",
"description": "Position Summary\n\n\n\n\nApium Swarm Robotics (ASR) is revolutionizing swarm autonomy software for air, surface, undersea, and ground vehicles operating a...",
"positionType": ""
},
"detail_meta": {
"url": "https://portal-applicant-tracking.us-cent.paycomonline.net/api/ats/job-postings/331260",
"http_status": 200,
"content_type": "application/json",
"response_bytes": 40307
},
"detail_errors": []
}Get this page with API
Rendered from the bluedoor Job Postings API. Reproduce it:
GET https://api.bluedoor.sh/job-postings/v1/jobs/b948def413d0e6506df4ff694fd338a7045e1ec0?include=descriptionJSONGET https://api.bluedoor.sh/job-postings/v1/orgs/0ba30d0c-7802-468e-8b2f-34b1ccb00b80JSONGET https://api.bluedoor.sh/job-postings/v1/sources/e4f1eccd-b038-47ec-a09c-02b91cca1ccbJSONGET https://api.bluedoor.sh/job-postings/v1/jobs/b948def413d0e6506df4ff694fd338a7045e1ec0/eventsJSON