Chief DevSecOps Engineer

This position is contingent upon contract award.

Engineer 3

• Analyzes and defines security requirements for computer systems, which may include mainframes, workstations, and personal computers.  

• Designs, develops, engineers, and implements solutions that meet security requirements.  

• Responsible for integration and implementation of the computer system security solution.  

• Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs in computer security.  

• Performs risk analyses of computer systems and applications during all phases of the system development life cycle. 

• Mentorship and training of junior DevSecOps Engineers. 

• Leads the strategic design, implementation, and continuous improvement of enterprise-wide DevSecOps practices, tools, and pipelines.  

• Focuses on integrating security and compliance at every stage of the software development lifecycle, ensuring reliable, scalable, and secure delivery of applications and services.  

• Key technical leader, the Chief DevSecOps Engineer collaborates with product managers, solution architects, engineers, security teams, and IT operations to foster a culture of automation, rapid iteration, and continuous learning.  

• Champions best practices in infrastructure as code, automated testing, continuous integration/continuous delivery (CI/CD), and zero-trust architecture, while meeting stringent federal and agency-specific compliance requirements. 

• Bachelor’s Degree in technical discipline; Associate’s Degree and 4 years of experience; 8 years of experience in lieu of degree to meet education requirement   

• 5+ years of proven experience as a DevSecOps Engineer. 

• Expertise with modern DevSecOps toolchains, cloud platforms (e.g., AWS, Azure, GCP), container orchestration (Kubernetes), and configuration management tools. 

• Strong knowledge of software security principles, secure coding practices, and experience with vulnerability scanning and remediation tools. 

• Understanding of microservices architecture, APIs, service meshes, and event-driven systems. 

• Familiarity with federal security frameworks (FISMA, FedRAMP), NIST standards (e.g., NIST SP 800-53), ATO processes, and Section 508 accessibility requirements. 

• Ability to integrate compliance controls and reporting into DevSecOps pipelines, ensuring continuous compliance monitoring and documentation. 

• Strong communication, leadership, and interpersonal skills. 

• Excellent problem-solving, critical thinking, and decision-making abilities. 

• Ability to influence and build consensus among diverse technical and business stakeholders. 

One or more of the following:  

• CKS (Certified Kubernetes Security Specialist) 
• CISSP (Certified Information Systems Security Professional) 
• AWS Certified Security – Specialty 
• CDP (Certified DevSecOps Professional) 
• CompTIA Security+