Solutions Architect - FDIC Enterprise DevSecOps

Leidos | Arlington, VA
$131,300 - $237,350 | Hybrid

About The Position

The Solutions Architect is a Key Personnel role on the FDIC Enterprise DevSecOps program, supporting the client's CIO organization (CIOO). The architect owns the target-state design of the FDIC DevSecOps platform - a hybrid estate spanning Azure/AKS, AWS, mainframe z/OS/Endevor, and enterprise middleware (WebLogic/WebSphere, Oracle, PeopleSoft, SAP, MuleSoft, Appian, Salesforce, Power Platform) across a large, complex enterprise DevSecOps environment at DevSecOps maturity Level 2 of 5. The architect translates FDIC Enterprise Architecture (EA) directives and enterprise architecture governance requirements into actionable, repeatable platform blueprints that enable development teams to ship securely with minimal client intervention. This role demands recent, hands-on design authority over the exact FDIC self-managed toolchain - GitHub Enterprise Server, GitHub Cloud/Actions, GitHub Advanced Security (GHAS), JFrog Artifactory/Xray, SonarQube, and Subject7 on Azure/AKS - and a demonstrated ability to harden that platform to FISMA-moderate, NIST 800-53/800-207, OMB M-22-09, and CISA Zero Trust Maturity Model 2.0 (target: Optimal) standards.

Requirements

  • Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Electrical Engineering, or a closely related technical discipline. In lieu of a degree, additional years of experience may be required.
  • Must be able to obtain and maintain a Public Trust clearance.
  • Minimum 12 years of progressive IT experience with at least 5 years in senior solution/enterprise architecture roles (or a Master's degree with 10 years).
  • Demonstrated hands-on architecture ownership (current experience, typically within the past 1-2 years) of a self-managed GitHub Enterprise Server (GHES) and GitHub Cloud/Actions environment at enterprise scale (hundreds of repositories and active pipelines).
  • Recent, hands-on experience designing and operating JFrog Artifactory/Xray, SonarQube, and GitHub Advanced Security (GHAS)/CodeQL as self-managed, AKS-hosted services - not SaaS consumption only.
  • Proven, recent experience authoring production-grade Terraform IaC modules and Kubernetes/AKS manifests for a regulated federal or financial-sector environment; immutable infrastructure and policy-as-code patterns required.
  • Experience leading architecture through formal EA governance bodies (equivalent to enterprise architecture fitness-gate boards, CCB, or ATO boards) in a FISMA-moderate or higher environment.
  • Recent architecture experience integrating CI/CD pipelines across a hybrid estate that includes both cloud-native AKS workloads and mainframe or host-based build/deploy environments (z/OS, Endevor, or equivalent); candidate must demonstrate design authority over both sides of the hybrid boundary, not cloud-only coverage.
  • GitHub Enterprise Server (self-managed), GitHub Cloud, GitHub Actions, GitHub Advanced Security (GHAS), CodeQL, GitHub Copilot
  • JFrog Artifactory / Xray, SonarQube, Aqua, Trivy, Trufflehog (self-managed, AKS-hosted deployment and operations)
  • Azure: AKS, ACR, App Gateway, Key Vault, Azure Policy, Azure Monitor; AWS: integration and landing-zone patterns
  • Terraform IaC, Bicep, Packer; Helm, Flux (GitOps); Docker; Kubernetes (AKS)
  • Policy-as-code: OPA/Gatekeeper, Azure Policy, admission controller patterns
  • NIST 800-53 / 800-207, OMB M-22-09, CISA ZTMM 2.0, FISMA-moderate, FIPS 140-2/3
  • CyberArk, Azure Key Vault secrets management; FIPS 140-2/3 cryptographic boundaries
  • Splunk, DynaTrace, Azure Monitor for observability and compliance evidence collection

Nice To Haves

  • Microsoft Certified: Azure Solutions Architect Expert (AZ-305) - active
  • AWS Certified Solutions Architect - Professional - active
  • Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD)
  • CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Professional)
  • HashiCorp Terraform Associate (003) or HashiCorp Infrastructure Automation Certification
  • Architecture experience at enterprise scale across hybrid on-prem and multi-cloud environments.
  • Hands-on design of CI/CD pipeline architectures covering mainframe (z/OS, Endevor) alongside cloud-native AKS workloads in the same DevSecOps platform.
  • Experience designing Subject7 test automation platform deployment and integration within a DevSecOps pipeline (alongside Selenium, Playwright, JMeter).
  • Architecture ownership for enterprise middleware platforms in a DevSecOps context: MuleSoft, WebLogic/WebSphere, Oracle, PeopleSoft, SAP Data Services.
  • cATO architecture and continuous compliance automation in a FISMA-moderate boundary; experience producing evidence packages accepted by an ISSM/ISSO without rework.
  • Experience with PQC migration planning (FIPS 203/204/205) and FIPS 140-3 cryptographic module selection.
  • 12 CFR 366 (FDIC contractor conduct standards) or equivalent financial-regulator contractor compliance experience.
  • Section 508 architecture patterns for enterprise web and portal applications.

Responsibilities

  • Own the DevSecOps platform architecture across the FDIC hybrid estate (Azure primary - AKS, ACR, App Gateway, Key Vault; plus AWS, mainframe z/OS/Endevor, WebLogic/WebSphere, Oracle, PeopleSoft, SAP Data Services, MuleSoft, Appian, Salesforce, Power Platform); produce and maintain Architecture Decision Records (ADRs) aligned to FDIC target-state EA.
  • Design self-managed platform deployments for JFrog Artifactory/Xray, SonarQube, GitHub Enterprise Server (GHES), GitHub Advanced Security (GHAS)/CodeQL, and Subject7 on AKS; define upgrade paths under the n/n-1 version strategy.
  • Establish immutable-infrastructure and GitOps patterns (Flux, Helm) for the AKS platform; author Terraform IaC modules and Bicep templates for repeatable, policy-compliant provisioning across Azure and AWS landing zones.
  • Design pipeline architecture for a large CI/CD pipeline estate (GitHub Actions; on-prem, cloud, hybrid, multicloud patterns), integrating blocking security gates: SAST/SCA on Critical/High, IaC scan on Critical, DAST on Critical, container scan on Critical/High, SonarQube quality gate on fail.
  • Define architecture for GitHub Copilot (SaaS) integration and AI-assisted development workflows within FDIC compliance constraints.
  • Architect Zero Trust controls aligned to OMB M-22-09 and CISA ZTMM 2.0 at Optimal maturity; map identity (Entra/CyberArk), device, network, application, and data pillars to the DevSecOps toolchain.
  • Design policy-as-code enforcement (OPA/Gatekeeper, Azure Policy) for Kubernetes admission control and IaC guardrails; ensure CyberArk and Azure Key Vault secrets management patterns meet FIPS 140-2/3 and PQC (FIPS 203/204/205) requirements.
  • Define cATO (continuous ATO) architecture: continuous compliance monitoring via Splunk and DynaTrace, automated evidence collection, and alignment to NIST 800-37/800-53/800-88/800-207 control families for FISMA-moderate boundary.
  • Establish container security architecture integrating Aqua, Trivy, Trufflehog, and GHAS/CodeQL scanning into build and release pipelines; ensure secrets + peer-review gates at Develop stage are architecturally enforced.
  • Lead architecture reviews through enterprise architecture and change governance boards (EA fitness gate), CCB, ISSM/ISSO, and OCISO coordination bodies; produce fitness-gate artifacts that prevent rework.
  • Design integration patterns connecting Azure/AKS cloud pipelines to mainframe z/OS/Endevor build and deploy workflows; ensure CI/CD coverage spans both cloud and mainframe application portfolios within the full enterprise application scope.
  • Architect API and event-driven integration patterns for MuleSoft, Appian, Salesforce, and Power Platform workloads; define DevSecOps onboarding playbooks for each platform tier.
  • Produce reference architectures for WebLogic/WebSphere, Oracle, PeopleSoft, and SAP Data Services application pipelines, covering build, scan, test (Selenium/Playwright/JMeter/Subject7), and release stages.
  • Architect the observability stack (Splunk, DynaTrace, Azure Monitor) to enforce >99.5% availability SLAs for the 83 Mission Essential/Critical applications and Critical/High security-finding remediation within <=30 days and Moderate within <=90 days.
  • Design capacity and resilience patterns for AKS clusters and self-managed tool infrastructure to absorb high volumes of ServiceNow requests without degradation.
  • Serve as the technical authority and primary architect point of contact for FDIC, resolving architecture ambiguities autonomously to minimize client intervention.
  • Lead architecture working sessions, produce decision briefs for enterprise architecture and change governance boards and OCISO, and ensure all platform changes pass EA fitness gates before implementation.
  • Mentor senior engineers and DevSecOps leads on architecture patterns, IaC standards, and secure-by-default pipeline design.
  • Author and maintain architecture runbooks, pattern libraries, and design standards that become the program's shared engineering baseline.

Benefits

  • Competitive compensation
  • Health and Wellness programs
  • Income Protection
  • Paid Leave
  • Retirement