Lead DevSecOps & Compliance Engineer

POSITION DESCRIPTION:
The Lead DevSecOps & Compliance Engineer is a senior technical leader responsible for embedding security, auditability, and compliance automation across the full software delivery lifecycle. This role ensures the platform is secure by design, continuously compliant, and aligned with Zero Trust principles. Working at the intersection of cybersecurity, DevOps, and compliance engineering, this engineer defines and enforces platform-wide security policies, hardens build and deployment processes, and maintains traceability of technical controls to federal mandates such as FIAR, NDAA, FedRAMP, and Zero Trust Architecture. 

This role operates as a core member of the technical leadership team, collaborating with cloud platform engineers, backend developers, AI/ML teams, and project leadership to safeguard every layer of the stack—from infrastructure to middleware to deployment artifacts. The ideal candidate brings deep hands-on experience in security automation, policy-as-code, AWS infrastructure, and compliance in a federal environment. 

U.S. Citizenship and an active Secret Clearance are required. This position is full-time and on-site in the Washington, D.C. metro area. 

KEY RESPONSIBILITIES:

Security Architecture & Compliance Integration 

• Define and enforce platform-wide security controls across CI/CD, infrastructure, and runtime environments. 

• Map security controls and evidence generation to federal mandates (e.g., FIAR, NDAA, NIST 800-53, FedRAMP). 

• Lead threat modeling, risk assessments, and architectural reviews to drive security improvements across new and existing systems. 

DevSecOps Implementation 

• Integrate security scanning into CI/CD pipelines, including: 

• Static Code Analysis (SAST) 

• Dynamic Analysis (DAST) 

• Software Composition Analysis (SCA/SBOM) 

• Enforce Zero Trust security across network, identity, and application layers. 

• Manage vulnerability detection and remediation workflows using CVE/CVSS data and SBOM insights. 

Infrastructure & Runtime Hardening 

• Design, implement, and harden containerized infrastructure using AWS Elastic Container Service (ECS), with secure VPC networking, IAM policies, and encrypted communication across services.  

• Manage secure deployment of artifacts into ECS, ensuring minimal attack surface and compliance with DoD cloud security guidance. 

• Harden Docker containers and Kubernetes/ECS configurations using least-privilege and defense-in-depth principles. 

• Define runtime enforcement using tools such as OPA/Gatekeeper, SELinux, Pod Security Standards, and service mesh policies. 

• Implement secure artifact storage, image signing, and supply chain integrity (e.g., Sigstore, Cosign). 

Secrets & Credential Management 

• Establish and maintain secure secrets management using AWS Secrets Manager or HashiCorp Vault. 

• Implement credential rotation and access control policies aligned with Zero Trust and least-privilege principles. 

Compliance Automation & Observability 

• Define and enforce policy-as-code and compliance-as-code standards using tools like Terraform, Sentinel, or OPA. 

• Design and manage centralized log collection using AWS CloudWatch, including log group organization, retention policies, and access controls. 

• Configure CloudWatch metrics, dashboards, and alarms to detect and alert on compliance violations, security anomalies, or system failures. 

• Integrate structured logs and telemetry into security monitoring workflows and audit trails (e.g., using OpenTelemetry or ELK-compatible tooling). 

• Maintain audit readiness through continuous evidence generation and reporting. 

Governance, Mentorship, and Coordination 

• Collaborate with the Principal Architect and Project Manager to define the platform’s compliance roadmap and audit posture. 

• Mentor DevOps and engineering teams on secure development, compliance alignment, and operational excellence. 

• Support audit readiness reviews and generate documentation/evidence as needed for external oversight. 

REQUIRED EXPERIENCE:

• Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or a related technical field. 

• 7+ years of experience in DevSecOps, cloud security, or infrastructure security in production systems. 

• CISSP, CISM, or equivalent senior-level cybersecurity certification. 

• Deep hands-on experience with: 

• CI/CD pipeline security (e.g., GitHub Actions, GitLab CI/CD, Bitbucket Pipelines) 

• AWS infrastructure, particularly ECS, CloudWatch, IAM, VPC, and Secrets Manager 

• Container security (Docker, Kubernetes/ECS hardening) 

• Secure authentication protocols (OAuth2, OpenID Connect, JWT) 

• Proven experience mapping technical controls to federal frameworks (e.g., FIAR, NDAA, NIST 800-53, FedRAMP). 

• Must be available to work full-time and on-site in the Washington D.C. metro area. 

• U.S. Citizenship and active Secret Clearance are required. 

DESIRED EXPERIENCE:

• Familiarity with: 

• Policy-as-code frameworks (OPA/Gatekeeper, Sentinel) 

• Secure software supply chain tools (Sigstore, in-toto, Cosign) 

• Cloud-native security tooling (e.g., AWS Config, GuardDuty, Inspector) 

• Observability tools such as OpenTelemetry, Prometheus, ELK/Splunk 

• Experience with AI/ML security practices or secure metadata handling for model pipelines. 

• Understanding of Zero Trust architectures and service-to-service identity enforcement. 

WHO WE ARE AND WHAT WE OFFER:

In addition to competitive salaries and opportunities for professional development and advancement, our employees enjoy a comprehensive range of benefits. To keep pace with the changing needs of our employees, we continually evaluate benefit plans.

• Paid time off
• 10 paid holidays
• Medical insurance
• Dental insurance
• Vision insurance
• Legal assistance
• Company-paid life insurance and AD&D
• Company-paid long term and short-term disability insurance
• Tuition reimbursement
• 401(k) plan with company contribution
• Continuing Education Opportunities