Job Requirements
Washington, DC
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
Job Title : Lead Enterprise DevSecOps Solutions Architect (Zero Trust / Hybrid Cloud & Mainframe)
Location : Washington, DC Metro Area. (Must reside within commuting distance of the client headquarters to support on-site presence on short notice; primarily remote/telework otherwise.)
Travel:
• Up to 30% travel consistent with contract requirements.
• Domestic travel only.
Duration : 6 Months
Salary Range: $100.00 - $105.00 /Hour on W2 (Without Benefits).
Applicants must be willing to work on W2.
Clearance : Must be able to obtain and maintain a Public Trust determination.
Job Description:
- The Solutions Architect is a Key Personnel role on the New Program, supporting the client's CIO organization (CIOO). The architect owns the target-state design of the client's DevSecOps platform, a hybrid estate spanning Azure/AKS, AWS, mainframe z/OS/Endevor, and enterprise middleware (WebLogic/WebSphere, Oracle, PeopleSoft, SAP, MuleSoft, Appian, Salesforce, Power Platform) across a large, complex enterprise DevSecOps environment at DevSecOps maturity Level 2 of 5.
- May require participation in on-call or surge-support activities for critical incidents, major releases, or client-directed operational events consistent with contract SLAs.
- The architect translates client Enterprise Architecture (EA) directives and enterprise architecture governance requirements into actionable, repeatable platform blueprints that enable development teams to deliver securely with minimal client intervention.
- This role demands recent, hands-on design authority over a self-managed enterprise DevSecOps toolchain (including GitHub Enterprise Server, GitHub Cloud/Actions, GitHub Advanced Security (GHAS), JFrog Artifactory/Xray, SonarQube, and Subject7 on Azure/AKS) and a demonstrated ability to harden that platform to FISMA Moderate, NIST 800-53/800-207, OMB M-22-09, and CISA Zero Trust Maturity Model (ZTMM) 2.0 (target: Optimal) standards.
Platform Architecture and Target-State Design:
- Own the DevSecOps platform architecture across the client's hybrid estate (Azure primary: AKS, ACR, App Gateway, Key Vault; plus AWS, mainframe z/OS/Endevor, WebLogic/WebSphere, Oracle, PeopleSoft, SAP Data Services, MuleSoft, Appian, Salesforce, and Power Platform); produce and maintain Architecture Decision Records (ADRs) aligned to the client's target-state Enterprise Architecture.
- Design self-managed platform deployments for JFrog Artifactory/Xray, SonarQube, GitHub Enterprise Server (GHES), GitHub Advanced Security (GHAS)/CodeQL, and Subject7 on AKS; define upgrade paths under the n/n-1 version strategy.
- Establish immutable infrastructure and GitOps patterns (Flux, Helm) for the AKS platform; author Terraform IaC modules and Bicep templates for repeatable, policy-compliant provisioning across Azure and AWS landing zones.
- Design pipeline architecture for a large CI/CD pipeline estate (GitHub Actions; on-premises, cloud, hybrid, and multicloud patterns), integrating blocking security gates including SAST/SCA, IaC scanning, DAST, container scanning, and SonarQube quality gates.
- Define architecture for GitHub Copilot integration and AI-assisted development workflows within client compliance constraints.
Security Architecture and Zero Trust:
- Architect Zero Trust controls aligned to OMB M-22-09 and CISA ZTMM 2.0 at Optimal maturity; map identity, device, network, application, and data pillars to the DevSecOps toolchain.
- Design policy-as-code enforcement (OPA/Gatekeeper, Azure Policy) for Kubernetes admission control and infrastructure-as-code guardrails; ensure CyberArk and Azure Key Vault secrets-management patterns meet FIPS and post-quantum cryptography requirements.
- Define continuous authorization (cATO) architecture, including continuous compliance monitoring via Splunk and Dynatrace, automated evidence collection, and alignment to NIST control families supporting FISMA Moderate environments.
- Establish container security architecture integrating Aqua, Trivy, TruffleHog, and GHAS/CodeQL scanning into build and release pipelines.
- Lead architecture reviews through enterprise architecture boards, change governance boards, ISSM/ISSO reviews, and cybersecurity governance bodies; produce artifacts that prevent rework and accelerate approvals.
- Design integration patterns connecting Azure/AKS cloud pipelines to mainframe z/OS/Endevor build and deployment workflows; ensure CI/CD coverage spans both cloud and mainframe application portfolios.
- Architect API and event-driven integration patterns for MuleSoft, Appian, Salesforce, and Power Platform workloads; define DevSecOps onboarding playbooks for each platform tier.
- Produce reference architectures for WebLogic/WebSphere, Oracle, PeopleSoft, and SAP Data Services application pipelines covering build, scan, test, and release stages.
SLA, Observability, and Reliability Architecture:
- Architect observability solutions using Splunk, Dynatrace, and Azure Monitor to support >99.5% availability SLAs for mission-essential applications and timely remediation of security findings.
- Design capacity and resilience patterns for AKS clusters and self-managed tool infrastructure to absorb high volumes of service requests without degradation.
- Serve as the technical authority and primary architecture point of contact for the client, resolving architecture ambiguities with minimal client intervention.
- Lead architecture working sessions, produce decision briefs for enterprise architecture and governance boards, and ensure platform changes satisfy architecture-review requirements before implementation.
- Mentor senior engineers and DevSecOps leads on architecture patterns, infrastructure-as-code standards, and secure-by-default pipeline design.
- Author and maintain architecture runbooks, pattern libraries, and design standards that become the program's engineering baseline.
- Minimum 12 years of progressive IT experience with at least 5 years in senior solutions architecture or enterprise architecture roles (or a master's degree with 10 years).
- Demonstrated hands-on architecture ownership of self-managed GitHub Enterprise Server (GHES) and GitHub Cloud/Actions environments at enterprise scale.
- Recent hands-on experience designing and operating JFrog Artifactory/Xray, SonarQube, and GitHub Advanced Security (GHAS)/CodeQL as self-managed AKS-hosted services.
- Proven experience authoring production-grade Terraform modules and Kubernetes/AKS configurations for regulated federal or financial-sector environments.
- Experience leading architecture through formal enterprise architecture governance boards, change control boards, or authorization/accreditation review bodies in FISMA Moderate or higher environments.
- Recent experience integrating CI/CD pipelines across hybrid estates that include both cloud-native AKS workloads and mainframe or host-based build/deploy environments.
Certifications:
- Microsoft Certified: Azure Solutions Architect Expert (AZ-305) - active.
- AWS Certified Solutions Architect - Professional - active.
- Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD).
- CISSP or CCSP.
- HashiCorp Terraform Associate or HashiCorp Infrastructure Automation Certification.
group id: artech