Systems Security Engineer · Denver, CO

Building secure infrastructure in air-gapped environments.

I'm Joseph — a Systems Security Engineer at Sierra Nevada Corporation, specializing in DevSecOps automation, Kubernetes orchestration, and secure cloud deployments under DoD IL-4 / IL-6 compliance. I work where most engineers can't: the disconnected side of the internet.

7+
Years in tech
IL-6
Cleared experience
YAML files written
/ 01

About the work

My path through tech started in the cockpit, not the cloud. As a US Navy Avionics Technician, I learned that systems either work or they don't — and when they don't, it matters. That mindset followed me into DevSecOps, where I now build the pipelines that move classified workloads through air-gapped Azure Government environments.

I'm certified in Security+ CE and hold a Master's in UX Design from MICA — an unusual combination that means I think about both the security perimeter and the engineer who has to live inside it. Good tooling is invisible. Good security is also invisible. I aim for both.

Off-hours, I run Fedora Aurora as my daily driver, contribute to immutable OS projects, and tinker with custom compositors. Lately I'm building aurora-niri-noctalia, a custom Fedora image combining Niri, Noctalia Shell, and Catppuccin theming.

Orchestration

  • Kubernetes
  • k3s
  • kubeadm
  • AKS
  • Helm
  • ArgoCD

CI / CD & Artifacts

  • GitLab CI/CD
  • JFrog Artifactory
  • Podman
  • Buildah
  • Skopeo

Infra & Cloud

  • Terraform
  • Azure Government
  • Linux
  • Bash
  • Python

Compliance

  • DoD IL-4 / IL-6
  • FIPS 140-2
  • MS-ISR
  • Air-gapped systems
/ 02

Selected projects

2026

aurora-niri-noctalia

Custom immutable Fedora image built on Aurora NVIDIA, integrating the Niri scrollable tiling compositor with Noctalia Shell and Catppuccin Mocha theming. Built via ublue-os/image-template.

FedoraContainerfileGitHub Actions
View →
2026

JFrog Platform on Azure Government

Production deployment of JFrog Artifactory on AKS via Terraform and Helm — full MS-ISR compliance, FIPS 140-2 encryption, customer-managed keys, private networking. Air-gapped from day one.

TerraformAKSJFrogFIPS
Case study →
2026

DevSecOps Homelab Pipeline

Bare-metal Kubernetes cluster running GitLab CE, ArgoCD, Grafana, and SonarQube — a complete reference architecture for secure software delivery, deployable end-to-end with a single command.

KubernetesGitLabArgoCDGrafana
Case study →
2026

Self-hosted Gitea on AWS Lightsail

Single-VPS Gitea instance fronted by Caddy with auto-HTTPS, provisioned end-to-end in Terraform. Daily snapshots, GitLab push-mirror backup, and a Gitea Actions runner that deploys this very portfolio to S3 + CloudFront.

TerraformLightsailDockerGiteaCaddy
Case study →
/ 03

Where I've worked

  • 2024 — Present
    Systems Security Engineer II
    Sierra Nevada Corporation · Englewood, CO

    DevSecOps automation, Kubernetes orchestration, and secure cloud deployments in air-gapped Azure Government environments under DoD IL-4 / IL-6 compliance frameworks.

  • 2019 — 2024
    Engineering & UX Roles
    Various · Industry transition

    Bridged UX research and engineering practice through Penn State (Information Sciences & Technology) and MICA (Master's, UX Design), building the design-thinking foundation that shapes my approach to secure tooling today.

  • 2015 — 2019
    Avionics Technician
    United States Navy

    Maintained and troubleshot mission-critical avionics systems on naval aircraft. Learned that uptime is measured in lives, not nines.

Let's build something together.

Open to DevSecOps and Platform Engineering roles in cleared environments — remote or Denver-area. If you're working on hard infrastructure problems, I'd love to hear about them.

Get in touch