Chief DevSecOps Engineer #1684973

About The Position

Requirements

• U.S Citizenship required.
• Must be able to obtain and maintain a Public Trust clearance
• This position is remote but may require occasional onsite meetings in McLean, VA.
• You can be based out of following states: AZ, DC, FL, GA, OH, ME, MD, SC, TX, UT, VA, NC, OK, WV.
• Bachelor's degree in Computer Science, Engineering, Cybersecurity, or related discipline (Master's preferred).
• Minimum 10+ years of hands-on DevSecOps, Cloud Engineering, or Secure Software Delivery experience.
• Experience supporting federal programs with elevated security requirements (DHS, VA, DoD, HHS, etc.).
• Background in large-scale modernization, cloud migration, and modernization of legacy systems.
• Expert understanding of CI/CD and cloud-native engineering
• Strong knowledge of federal cybersecurity requirements
• Ability to lead cross-functional technical teams
• Ability to translate security requirements into automated pipeline controls
• Strong communication and stakeholder engagement skills
• Demonstrated commitment to continuous improvement and reliability engineering
• Languages & Frameworks: Java 17+, Spring Boot, Spring WebFlux, Streams API, Scripted automation (Python, Bash)
• Cloud & Infrastructure: AWS (GovCloud or VAEC strongly preferred), Kubernetes (EKS), Docker, Terraform, Ansible, Helm, GitHub Actions
• DevSecOps Toolchain: GitHub Enterprise, Jenkins, SonarQube, Nexus/Artifactory, SAST/DAST/SCA tools, IaC security tools (Checkov, tfsec)
• Observability & Monitoring: Dynatrace, Splunk, CloudWatch
• Security & Compliance: NIST SP 800-53, RMF, FISMA, FedRAMP, Zero Trust, OAuth2/OpenID Connect, TLS 1.3, Container security and compliance scanning

Nice To Haves

• CompTIA Security+, CISSP, or CISM
• SAFe DevOps Practitioner (SDP) or SAFe Architect
• AWS Certified DevOps Engineer
• CKA/CKAD (Kubernetes Certifications)
• ITIL v4

Responsibilities

• DevSecOps Architecture & Engineering Leadership: Design, implement, and oversee the VESEE DevSecOps toolchain supporting CI/CD, automated testing, code scanning, container security, and deployment.
• Architect secure, cloud-native pipelines for Java 17+, Spring Boot, Spring WebFlux, Kafka, Redis, Oracle, and React/Next.js applications deployed to AWS VAEC using Kubernetes and Docker.
• Define and enforce security, reliability, and operations standards across all development and modernization tasks.
• Lead implementation of Zero Trust, container hardening, and secure-by-design controls aligned to NIST 800-53 Rev5, FISMA, and VA Directive 6500.
• Security & Compliance Governance: Serve as the authoritative owner of CI/CD security, code quality, secrets management, and compliance validation.
• Integrate automated tools for SAST, DAST, SCA, IaC scanning, dependency checking, and container scanning.
• Ensure all DevSecOps pipelines meet requirements of: FedRAMP High, FIPS 140-3, HIPAA, VA Identity, Credential, and Access Management (ICAM) policies, 508 accessibility checks where applicable
• Support development teams in achieving Authority to Operate (ATO) sustainment in partnership with VA OIS.
• Automation, Observability & Reliability Engineering: Implement end-to-end automation for build, test, deploy, and monitor stages across all environments (development, integration, staging, production).
• Integrate observability tools (e.g., Splunk, Dynatrace, CloudWatch) to support proactive monitoring, alerting, and performance optimization.
• Drive "shift-left" quality by enforcing test automation standards (unit, integration, regression, 508 testing).
• Ensure VESEE systems meet performance thresholds, including throughput, latency, and reliability requirements cited in the RFP and VESEE tech stack documents.
• Collaboration & Technical Leadership: Serve as senior technical advisor to the Program Manager, Principal Senior Software Engineer, Release/Delivery Manager, and VA architecture teams.
• Lead DevSecOps discussions during Sprint Planning, PI Planning, and Release Readiness.
• Mentor developers, DevSecOps engineers, and infrastructure staff in secure engineering best practices.
• Coordinate with the Business, Data, QA, and HCD teams to ensure secure, automated workflows across the entire delivery lifecycle.

Benefits

• comprehensive health, dental, vision, pet, and legal insurance
• 401(k) retirement matching
• paid leave
• paid holidays
• health and wellness programs
• employer-paid life and disability insurance
• professional development
• education benefits