Platform Security Engineer

• Are passionate about building secure-by-design platforms instead of bolt-on security
• Enjoy working at the intersection of application security, cloud security, and DevSecOps
• Can translate security and compliance frameworks into practical, automated technical controls
• Communicate clearly with software, cloud, cybersecurity, and leadership stakeholders
• Can shift between strategic security design and hands-on pipeline and tooling work
• Are self-driven, collaborative, and committed to continuous improvement of SDLC security

• Partner with the Platform Architect and DevSecOps Engineers to design and maintain a secure Development Platform and SDLC for developing AI/ML, M&S, and other software solutions.
• Define, implement, and maintain security controls within CI/CD pipelines, including SAST, DAST, SCA, container image scanning, secrets detection, and policy gates.
• Develop and maintain compliance-as-code and policy-as-code libraries that encode NIST, FIA, RMF, CMMC, IMSA, SSDF, and customer requirements directly into SDLC tooling and CI/CD pipelines.
• Work with DevSecOps Engineers to embed these policies into reusable pipeline templates so engineering teams automatically inherit security guardrails when they build and deploy solutions.
• Design and implement mechanisms to produce automated, machine-readable evidence bundles with every pipeline run, supporting audits and ATO/cATO packages with minimal manual effort.
• Configure and harden security-relevant tooling within the Development Platform, including GitLab, artifact repositories, code quality tools, container registries, remote development environments, and secrets management solutions.
• Conduct security design reviews, threat modeling, and risk assessments for platform changes and key workloads, and document recommended mitigations.
• Collaborate with Cybersecurity SMEs to map technical controls to formal security requirements, validate their effectiveness, and support accreditation activities.
• Monitor and improve the security posture of the Development Platform, including vulnerability management, configuration baselines, security patching, and secure defaults for new projects.
• Provide guidance and training to engineering teams on secure coding, secure use of CI/CD, secrets management, and platform security best practices.
• Assist with the secure integration and governance of AI-assisted development tools and workflows, ensuring they operate within approved guardrails and data protection requirements.

• 5+ years of combined professional experience in DevSecOps, Application Security, Cloud Security, Platform Engineering, or related roles.
• Hands-on experience securing modern DevSecOps toolchains and CI/CD pipelines, preferably with GitLab and GitLab CI.
• Strong understanding of secure SDLC practices and how to embed them into automated workflows and tooling used by engineering teams.
• Experience implementing and tuning security scanning tools such as SAST, DAST, SCA, container image scanning, and secrets detection.
• Experience developing or maintaining policy-as-code and compliance-as-code solutions that drive pipeline behavior and guardrails for product teams (for example, using OPA, Kyverno, or similar approaches).
• Experience with automation standards and tooling such as OSCAL (or similar) to express controls and evidence in machine-readable form and integrate them into CI/CD and SDLC workflows.
• Hands-on experience with containerization and Kubernetes security, including RBAC, network policies, secrets management, image provenance, and use of trusted registries.
• Experience with Infrastructure as Code tools such as Terraform, Ansible, or similar, and securing IaC patterns for cloud and on-premises environments.
• Practical experience with Microsoft Azure cloud services (Azure Government preferred), including identity, network security, storage, and workload protection.
• Experience with security and compliance frameworks such as NIST, RMF, FIA, CMMC, IMSA, and SSDF, and how they map to technical controls in the SDLC.
• Proficiency in at least one programming or scripting language such as Python, Go, or a similar language used to build security automation and integrations.
• Demonstrated ability to collaborate with software, cloud, and cybersecurity teams and to clearly explain security risks and tradeoffs to technical and non-technical stakeholders.

• 
  
  
  
  Interesting Work:
  
  
  
  Our co-workers support some of the most important and critical programs to our national defense and security.
  
  
• 
  
  
  
  Values:
  
  
  
  Our first core value is that employees come first. We challenge our co-workers to provide the highest level of support and service, and reward them with some of the best benefits in the industry.
  
  
• 
  
  
  
  100% Employee Owned:
  
  
  
  We have a stake in each other's success, and the success of our customers. It's also nice to know what's going on across the company; we have company wide town-hall meetings three times a year.
  
  
• 
  
  
  
  Great Benefits - Most Full-Time Staff Are Eligible for:
  
  
  




• 
  Starting PTO accrual of 20 days PTO/year + 10 holidays/year
  
• 
  Flexible schedules
  
• 
  6% 401k match with immediate vesting up to $9k annually
  
• 
  Semi-annual bonus eligibility (July and December)
  
• 
  Company funded Employee Stock Ownership Plan (ESOP) - a separate qualified retirement account
  
• 
  Up to $10,000 in annual educational reimbursement
  
• 
  Other company funded benefits, like life and disability insurance
  
• 
  Optional zero deductible Blue Cross/Blue Shield health insurance plan
  




• 
  
  
  
  Track Record of Success:
  
  
  
  We have grown every year since our founding in 1993.
  
  

Modern Technology Solutions, Inc. (MTSI) is a 100% employee-owned engineering services and solutions company that provides high-demand technical expertise in Digital Transformation, Modeling and Simulation, Rapid Capability Development, Test and Evaluation, Artificial Intelligence, Autonomy, Cybersecurity and Mission Assurance

MTSI delivers capabilities to solve problems of global importance. Founded in 1993, MTSI today has employees at over 20 offices and field sites worldwide.

For more information about MTSI, please visit www.mtsi-va.com