
Platform Architect (Kubernetes / CI/CD) | TS/SCI

MomentumAI

Posted today
Top Secret/SCI
Mid Level Career (5+ yrs experience)
$150,000 - $275,000
25%
Unspecified
IT - Software
Remote/Hybrid: Fort George G Meade, MD (Off-Site/Hybrid); Denver, CO (Off-Site/Hybrid); Chantilly, VA (Off-Site/Hybrid)

CLEARANCE: TS/SCI eligibility required. Active TS/SCI strongly preferred. CI or FS Poly preferred.
CITIZENSHIP: U.S. citizenship required due to clearance requirements.

ABOUT THE ROLE

At MomentumAI, you'll architect, harden, and deliver secure Kubernetes platforms and CI/CD pipelines that power mission-critical systems across the Federal Civilian, DoD, and IC communities. You'll partner with platform, app, and security teams to design resilient architectures, drive application migrations, and implement repeatable, compliance-ready delivery patterns aligned to MomentumAI's Platform-as-a-Product approach.

We are seeking a Platform Architect with deep, hands-on platform engineering, Kubernetes, CI/CD, and container security experience. You will partner with mission stakeholders, developers, security, and operations in secure environments to design resilient architectures, build app and data platforms, and migrate workloads to the platforms while meeting stringent compliance requirements.

WHAT YOU'LL DO

- Architecture & delivery: Own architecture and delivery of containerized applications on Kubernetes across commercial, government, and air-gapped environments.
- CI/CD design & implementation: Design and implement CI/CD (GitOps-first using Argo CD/Flux, or classic pipelines via GitHub Actions/GitLab/Jenkins) with policy gates, automated testing, artifact signing, and environment promotion.
- Container & cluster hardening: Apply CIS Benchmarks/DoD STIGs, admission control (OPA/Gatekeeper/Kyverno), image scanning (Trivy/Anchore/Clair), SBOM/SLSA supply-chain controls, and secrets management (Vault/KMS).
- Application migration & modernization: Lead discovery, assessment, and execution (rehost/replatform/refactor), data migration strategies, blue/green and canary releases, and service mesh patterns (Istio/Linkerd).
- Infrastructure as Code: Implement Terraform/Pulumi/Helm/Kustomize; codify platform baselines and repeatable environment builds.
- Observability & reliability: Establish Prometheus/Grafana/ELK/OpenTelemetry, performance tuning, autoscaling, and SLOs.
- Security & compliance partnership: Support NIST 800-53, FedRAMP, RMF/ATO documentation, continuous monitoring, and evidence collection.
- Team coaching & communication: Create architecture diagrams, decision records, runbooks, and deliver executive/mission briefings.
- Pre-sales & delivery support: Contribute to LOE estimates, SOWs/ROMs, roadmaps, and technical demos/workshops.

REQUIRED QUALIFICATIONS

Strong candidates will meet most (not necessarily all) of the technical requirements below.

- Active TS/SCI or TS/SCI eligibility (must be able to obtain and maintain). U.S. citizenship required.
- 7+ years in Solutions Architecture, Platform Engineering, DevOps, or related roles.
- 3+ years hands-on Kubernetes in production (cluster design, operations, troubleshooting).
- CI/CD pipeline experience (e.g., GitHub Actions, GitLab CI, Jenkins) including environment promotion and approvals in regulated contexts.
- Containerization fundamentals (Docker/OCI), image lifecycle management, and container hardening practices.
- Infrastructure as Code (e.g., Terraform, CloudFormation, Crossplane) for cloud or on-prem deployments.
- Solid Linux administration, networking (VPC/VNet, DNS, TLS, ingress/egress, load balancing), and security fundamentals.
- Observability & logging (e.g., Prometheus, Grafana, ELK/EFK, OpenTelemetry); root-cause analysis and performance tuning.
- Scripting proficiency (Bash) and YAML fluency.
- Software engineering proficiency in at least one of Go or Python.
- Demonstrated ability to lead cross-functional initiatives, influence without authority, and present to technical and executive audiences.

PREFERRED QUALIFICATIONS

These are nice-to-haves that strengthen your candidacy. You don't need all of them.

- CI or FS Poly.
- Experience delivering in DoD/IC environments, including air-gapped clusters and high-side/low-side data flows.
- Managed Kubernetes distributions (EKS, AKS, GKE, VKS, Rancher, OpenShift).
- VMware ecosystem: VCF architecture/operations (vSphere, NSX-T, vSAN, SDDC Manager), VKS, Tanzu, or Cloud Foundry.
- GitOps (Argo CD, Flux) and Kubernetes packaging (Helm, Kustomize).
- Container registries (Harbor, ECR, ACR, GCR) and vulnerability scanning (Trivy, Anchore, Clair).
- Kubernetes policy & runtime security: OPA/Gatekeeper/Kyverno, Pod Security Standards, Cilium/Calico, Falco, Sigstore/Cosign, SBOM tooling.
- Secrets management (HashiCorp Vault, cloud KMS/HSM).
- Government cloud platforms: AWS GovCloud, Azure Government, or Google Assured Workloads.
- AI/ML platforms: AWS Bedrock/SageMaker, Azure OpenAI/ML, or Google Vertex AI/Gemini.
- Stateful workloads on Kubernetes: database refactoring/replication, Operators, StatefulSets, StorageClasses.
- Service mesh (Istio, Linkerd), API gateways (Kong, NGINX), Zero Trust tooling (Teleport).
- Relevant certifications: CKA/CKAD/CKS; VMware VCP tracks; cloud certs (AWS/Azure/GCP); DoD 8570/8140 (Security+, CISSP).

COMPENSATION & BENEFITS

Compensation: $150,000 - $275,000 OTE
Benefits: Comprehensive health, dental, and vision; 401(k) with 6% company match; FSA/HSA; life and AD&D; short- and long-term disability; unlimited PTO; other well-being and professional growth benefits.

Actual compensation will be based on experience, geographic location, and clearance level.

ABOUT MOMENTUMAI

MomentumAI is a platform engineering consultancy helping enterprises and government agencies build next-generation app and data platforms. Our team pioneered the Platform-as-a-Product approach at Pivotal and VMware, and has spent over a decade delivering production-scale platforms. We design and implement container orchestration (Kubernetes, Tanzu/Cloud Foundry, OpenShift, Rancher), microservices patterns, and automated CI/CD. Leveraging tools like Terraform, Crossplane, Kratix, Helm, and Kustomize - and service meshes such as Istio and Envoy - we help customers operate securely across AWS (incl. GovCloud), Azure (incl. Government), GCP, and on-prem environments. We also leverage Zero Trust access patterns (e.g., Teleport) and DevSecOps/SRE practices to ensure reliable, compliant, and observable operations.