Release / Security Engineer

Job Title:                                 Release/Security Engineer
Reference:                             26-005
Job Type:                                Full-time
Job Status:                            Interviewing
Date Posted:                        01-16-2026
Location:                                Huntsville
Duration:                                Permanent
Company Address:          CohesionForce, Inc.
Street:                                     101 Quality Circle
Suite:                                       Suite 140
City:                                         Huntsville, AL 35806
Website:                                  http://www.CohesionForce.com

Job Description:

CohesionForce is actively seeking candidates for a Release / Security Engineer to become part of our team in Huntsville, AL.  CohesionForce is a small software engineering company supporting high-visibility customers in the Missile Defense community.  We are heavily involved in Artificial Intelligence and modern software development practices, and we are expanding our internal AI research capability to support rapid innovation and mission-focused solutions.

The position will support two critical company needs:

1.  Building and maintaining secuire release pipelines with cryptographic signing, provenance tracking, and software supply chain security to support DoD compliance requirements.

2.  Assisting with IT and CMMC-related efforts such as audit preparation, evidence gathering, and supporting internal cybersecurity readiness activitiies.

The ideal candidate will have a strong foundation in Python, GitLab, CI/CD, Linux system administration, and container technolgies.  They should also be comfortable assisting with security compliance tasks and internal process improvements.  This candidate will work closely with technical leadership and will be expected to be a self-starter, attentive to details, and able to prioritize and adjust to accomplish company objectives with limited oversight.

Responsibilities include but are not limited to the following:

Release Engineering & Security:
– Build and maintain secure GigLab CI/CD release pipelines with multi-stage workflows.
– Implement cryptograpic signing and provenance tracking (GPG, Cosign, detached signatures).
– Generate and validate Software Bill of Materials (SBOM) for supply chain transparency.
– Manage rootless multistage container builds using Podman and OCI standards.
– Support SLSA Level 3 compliance for software artifact integrity.
– Perform vulnerability scanning and security artifact generation.
– Document release processes and security procedures.
– Support product release and transfers to target deployment environments.

Software Development/Engineering Support:
– Develop suporting Python services, scripts, automation, or APIs that enable release pipelines and internal business needs.
– Support DevOps practices including automation, build pipelines, containerization, and deployment best practices.
– Work with the product architect to develop and maintain sandbox environments and controls for agentic applications.
– Maintain and improve CI/CD runner infrastructure and build environments.

IT/Cybersecurity/CMMC Support:
– Support CMMC augit preparation and evidence gathering activites.
– Assist assessors during compliance reviews as needed.
– Help maintain internal systems/tools used to manage documentation, version control, and process compliance.
– Provide backup support for IT troubleshooting or internal technical needs when required.

                  Basic Qualifications:

– Bachelor’s degree in an engineering, science, cybersecurity, IT, or technology-related field degree with 1-5 years of experience, or a Master’s degree in a related field with less than 1 years of experience. (Equivalent experience will be considered.)
– Experience with Python development (scripting, automation, APIs, or tooling).
– Experience with GitLab CI/CD pipeline development (.gitlab-ci.yml, runners, artifacts).
– Experience with Linux system administration and shell scripting.
– Experience with container technogies (Buildah, Podman, Docker, or similar).
– Experience with CI/CD pipelines and build automation.
– Interest in AI tooling and securing AI systems (experience not require, but curiosity and willingness to learn is a must).
– Basic understanding of cryptology concepts (GPC signing, certificates).
– Strong written communication skills (ability to help produce technical documentation and policy content).
– Strong interpersonal skills and ability to collaborate in a small, fast-moving team environment.
–  Ability to prioritize and adjust tasks to accomplish project results within limited oversight.
– Excellent written and verbal communiation skills.
–  Must be a U.S. Citizen and have the capability to obtain a Secret security clearance.

                  Preferred Qualifications:

– Experience with software supply chain security practices (SLSA, Sigstore/Cosign ecosystem).
– Experience with SBOM generation tools (CycloneDX, Syft) and vulnerability scanning (Trivy, Grype).
– Experience using GitLab (including issue tracking, merge request workflows, and container registry).
– Familiarity with infrastructure as Code tools such as Ansible.
– Familiarity with Azure cloud services (preferred, not required).
– Experience with CMMC, NIST 800-171, or cybersecurity compliance documenation.
– Experience with RHEL or Fedora environments.

– Additional Information:
This role is a unique opportunity to join a small, highly skilled team where your contributions have immediate impact.  The Release / Security Engineer will directly support CohesionForce’s secure software delivery capabilities while strenghening internal cybersecurity readiness and compliance efforts.  You will gain hands-on expereince with DoD/FedRAMP compliance requirements, modern supply chain security practices, and exposure to AI systems in a defense-focused environment.