user avatar

DevSecOps Lead Engineer

Koniag Government Services

Posted today

Job Requirements

Washington, DC
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries

Job Description

Koniag Data Solutions, LLC, a Koniag Government Services company, is seeking a DevSecOps Lead Engineer to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced DevSecOps Lead Engineer to support the design, implementation, and management of DevSecOps practices, pipelines, and culture in support of the U.S. Small Business Administration (SBA). The ideal candidate is a senior-level engineering professional with deep expertise in DevSecOps methodologies, CI/CD pipeline development, security automation, and cloud-native technologies, and a proven track record of leading DevSecOps transformation efforts within complex federal government environments. This individual will serve as the technical lead and subject matter expert for SBA's DevSecOps program, driving the integration of security into every phase of the software development lifecycle, accelerating the delivery of secure, high-quality software, and fostering a culture of collaboration, automation, and continuous improvement across SBA's development and operations teams.

The DevSecOps Lead Engineer will serve as the senior technical lead and SME for DevSecOps practices and implementation at the SBA, working closely with SBA's IT leadership, development teams, security teams, operations staff, and program managers to design, build, and continuously improve a robust DevSecOps program that enables the rapid, secure, and reliable delivery of software and infrastructure solutions in support of SBA's mission.

Principal responsibilities will include but are not limited to:
  • Serve as the senior technical lead and SME for DevSecOps practices, pipelines, and culture at the SBA, providing expert guidance, strategic direction, and hands-on technical leadership to development, security, and operations teams across the organization.
  • Lead the design, development, implementation, and continuous improvement of SBA's CI/CD pipelines and DevSecOps toolchain, ensuring pipelines are automated, secure, scalable, and aligned with SBA's software delivery and security requirements.
  • Drive the integration of security practices, tools, and automation throughout the software development lifecycle (SDLC), including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), container security scanning, and infrastructure as code (IaC) security scanning.
  • Lead the development and implementation of SBA's DevSecOps strategy, roadmap, and standards, ensuring alignment with federal DevSecOps guidance, SBA's enterprise architecture framework, and industry best practices.
  • Oversee the design, implementation, and management of infrastructure as code (IaC) practices and tools, enabling automated, repeatable, and auditable provisioning and management of SBA's IT infrastructure and cloud environments.
  • Collaborate with SBA's development, security, and operations teams to establish and enforce DevSecOps standards, coding best practices, security requirements, and quality gates within the CI/CD pipeline.
  • Lead the evaluation, selection, and implementation of DevSecOps tools and platforms, including source code management, CI/CD orchestration, container orchestration, artifact management, security scanning, and monitoring solutions appropriate for SBA's environment.
  • Provide technical leadership and oversight for the containerization and orchestration of SBA applications, ensuring container images are properly secured, scanned, and managed in accordance with SBA security requirements and federal guidelines.
  • Support the planning and execution of cloud migration and modernization initiatives, applying DevSecOps principles and practices to accelerate the secure migration of SBA workloads to cloud environments.
  • Develop and maintain comprehensive DevSecOps documentation including pipeline architecture designs, technical runbooks, standards and guidelines, and training materials to support SBA's DevSecOps program.
  • Collaborate with SBA's ISSO and security teams to ensure DevSecOps pipelines and practices support the maintenance of system Authorization to Operate (ATO) requirements, including the automation of security control testing and continuous monitoring activities where applicable.
  • Lead and conduct code reviews, architecture reviews, and security reviews for DevSecOps pipeline components and infrastructure as code artifacts, ensuring they meet SBA's quality and security standards.
  • Provide technical mentorship and guidance to junior and mid-level engineers, developers, and operations staff, fostering a culture of learning, collaboration, and continuous improvement across SBA's technical teams.
  • Develop and deliver DevSecOps training, workshops, and knowledge-sharing sessions for SBA technical staff, helping to build organizational capability and support for DevSecOps principles and practices
  • Monitor and analyze the performance, reliability, and security of SBA's DevSecOps pipelines and toolchain, identifying and implementing improvements to enhance pipeline efficiency, security, and overall effectiveness.
  • Stay at the forefront of DevSecOps technology developments, federal policy guidance, and industry best practices, applying this knowledge to continuously refine and improve SBA's DevSecOps program.

Education and Experience:

Required:
  • Bachelor's degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or a related field from an accredited college or university, OR equivalent combination of education and extensive relevant work experience.
  • 7+ years of progressive experience in software engineering, systems engineering, or DevOps/DevSecOps, with significant demonstrated experience designing, implementing, and managing CI/CD pipelines and DevSecOps practices in a federal government or large enterprise environment.
  • Demonstrated expert-level hands-on experience with CI/CD tools and platforms such as Jenkins, GitLab CI/CD, GitHub Actions, or similar, and container orchestration platforms such as Kubernetes or Red Hat OpenShift.Demonstrated experience integrating security tools and automation into CI/CD pipelines including SAST, DAST, SCA, and container security scanning solutions.
  • One or more of the following certifications: Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer, Microsoft Certified: DevOps Engineer Expert, or equivalent senior-level DevSecOps or cloud engineering certification.

Desired:
  • Master's degree in Computer Science, Software Engineering, Information Technology, or a related field.
  • Prior experience leading DevSecOps program development and implementation at a federal civilian agency, preferably the SBA or a similar organization.
  • Certified Kubernetes Security Specialist (CKS), AWS Certified Security - Specialty, or other relevant advanced cloud security or DevSecOps certifications.
  • Red Hat Certified Engineer (RHCE) or Red Hat Certified Architect (RHCA) certification.

Required Skills and Competencies:
  • Expert-level knowledge of DevSecOps principles, methodologies, and best practices and their application to the design, implementation, and management of secure, automated software delivery pipelines in a federal government environment.
  • Demonstrated expert-level hands-on experience with CI/CD tools and platforms including Jenkins, GitLab CI/CD, GitHub Actions, CircleCI, or similar, and the ability to design, build, and optimize complex CI/CD pipeline architectures.
  • Deep technical expertise in containerization and container orchestration technologies including Docker, Kubernetes, and Red Hat OpenShift, including experience securing and managing container environments in production.
  • Extensive experience with infrastructure as code (IaC) tools and practices including Terraform, Ansible, AWS CloudFormation, or similar, and their application to automated, repeatable infrastructure provisioning and management.
  • Strong experience integrating security automation into CI/CD pipelines including SAST tools such as SonarQube or Checkmarx, DAST tools such as OWASP ZAP or Burp Suite, SCA tools such as Black Duck or Snyk, and container security scanning tools such as Twistlock, Aqua Security, or Anchore.
  • Solid experience with cloud platforms and services including AWS, Microsoft Azure, or Google Cloud Platform, and the application of cloud-native DevSecOps practices and tools within federal cloud environments.
  • Proficient experience with source code management and collaboration platforms including Git, GitHub, GitLab, or Bitbucket, including experience with branching strategies, code review processes, and repository security practices.
  • Solid understanding of federal cybersecurity frameworks, requirements, and guidance including NIST SP 800-53, NIST SP 800-218 (Secure Software Development Framework), FISMA, and FedRAMP, and their application to DevSecOps practices and pipeline security.
  • Experience with monitoring, logging, and observability tools and platforms such as ELK Stack, Prometheus, Grafana, Splunk, or similar, and their integration into DevSecOps pipelines and operations.
  • Strong experience with scripting and programming languages including Python, Bash, PowerShell, or similar, and their application to pipeline automation, toolchain integration, and infrastructure management.
  • Exceptional written and oral communication skills in English, with the ability to clearly communicate complex DevSecOps concepts, architectural designs, and technical recommendations to both technical teams and senior non-technical audiences.
  • Strong leadership and mentorship skills with demonstrated experience guiding and developing engineers, developers, and operations staff in DevSecOps practices and culture.
  • Ability to obtain and maintain a Public Trust clearance as required by the SBA.

Desired Skills and Competencies:
  • Prior experience leading DevSecOps program development and implementation at the SBA or a similar federal civilian agency
  • In-depth familiarity with SBA's IT environment, development platforms, and mission areas, including an understanding of the unique challenges and opportunities associated with implementing DevSecOps within the SBA environment
  • Experience with artifact management and software supply chain security tools and practices including JFrog Artifactory, Nexus Repository, or similar, and their integration into secure software delivery pipelines.
  • Advanced knowledge of service mesh technologies such as Istio or Linkerd and their application to securing microservices architectures within a DevSecOps context.
  • Experience with GitOps practices and tools such as ArgoCD or Flux and their application to automated, auditable infrastructure and application deployments.
  • Familiarity with the NIST Secure Software Development Framework (SSDF) and its practical application to DevSecOps program design and implementation in a federal government environment.
  • Experience supporting ATO processes and continuous monitoring programs, including the automation of security control testing and evidence collection within CI/CD pipelines.
  • Knowledge of software bill of materials (SBOM) concepts and tools and their application to software supply chain security and federal compliance requirements.
  • Certified Kubernetes Security Specialist (CKS), AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, or other relevant advanced cloud security certifications.
  • Experience with chaos engineering practices and tools and their application to improving the resilience and reliability of DevSecOps pipelines and application deployments.
  • Familiarity with federal IT acquisition and procurement processes and experience supporting the development of technical requirements and evaluation criteria for DevSecOps toolchain acquisitions.

Our Equal Employment Opportunity Policy

The company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race, color, religion, creed, ethnicity, sex, sexual orientation, gender or gender identity (except where gender is a bona fide occupational qualification), national origin or ancestry, age, disability, citizenship, military/veteran status, marital status, genetic information or any other characteristic protected by applicable federal, state, or local law. We are committed to equal employment opportunity in all decisions related to employment, promotion, wages, benefits, and all other privileges, terms, and conditions of employment.

The company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website, please get in touch with Heaven Wood via e-mail at accommodations@koniag-gs.com or by calling 703-488-9377 to request accommodations.

Koniag Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag, we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and native communities. For more information, please visit www.koniag-gs.com.

Equal Opportunity Employer/Veterans/Disabled. Shareholder Preference in accordance with Public Law 88-352
group id: 10201473
Find Koniag Government Services on Social Media
Recruiters
user avatar
About Us
Koniag Government Services (KGS) supports the values and traditions of our Native communities through an agile employee and corporate culture that delivers Enterprise Solutions, Professional Services, and Operational Management to Federal Government Agencies. We apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical, professional, and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers, employees, and Native communities. Through our wholly-owned subsidiary companies, including SBA Certified 8(a) and HUBZone companies, we provide exceptional service to our Government clients with a committed focus on: Community Mission. Solution Oriented. Exceptional People.

Koniag Government Services Jobs


Clearance Level
Public Trust