Solution Architect - Washington, DC - Public Trust

SOC
Washington, United States of America
yesterday

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Washington, United States of America

Tech stack

API
Amazon Web Services (AWS)
Azure
Oracle WebLogic Server
Cloud Computing
Cloud Engineering
Information Systems
Computer Engineering
Continuous Integration
Endevor
Federal Information Processing Standards (FIPS)
GitHub
IBM WebSphere Application Server
Key Management
Oracle Applications
Zero Trust Network Access
Salesforce
SAP NetWeaver Data Management
SonarQube
Tripwire
CyberArk
Cloud Monitoring
GitHub Copilot
Appian
Kubernetes
Infrastructure Automation Frameworks
Information Technology
PeopleSoft
GitHub Enterprise
Bicep
HashiCorp
Terraform
Splunk
Dynatrace
DevSecOps
Key Vault
MuleSoft
Static Application Security Testing
Artifactory
Dynamic Application Security Testing

Job description

  • Own the DevSecOps platform architecture across the client's hybrid estate (Azure primary: AKS, ACR, App Gateway, Key Vault; plus AWS, mainframe z/OS/Endevor, WebLogic/WebSphere, Oracle, PeopleSoft, SAP Data Services, MuleSoft, Appian, Salesforce, and Power Platform); produce and maintain Architecture Decision Records (ADRs) aligned to the client's target-state Enterprise Architecture.
  • Design self-managed platform deployments for JFrog Artifactory/Xray, SonarQube, GitHub Enterprise Server (GHES), GitHub Advanced Security (GHAS)/CodeQL, and Subject7 on AKS; define upgrade paths under the n/n-1 version strategy.
  • Establish immutable infrastructure and GitOps patterns (Flux, Helm) for the AKS platform; author Terraform IaC modules and Bicep templates for repeatable, policy-compliant provisioning across Azure and AWS landing zones.
  • Design pipeline architecture for a large CI/CD pipeline estate (GitHub Actions; on-premises, cloud, hybrid, and multicloud patterns), integrating blocking security gates including SAST/SCA, IaC scanning, DAST, container scanning, and SonarQube quality gates.
  • Define architecture for GitHub Copilot integration and AI-assisted development workflows within client compliance constraints.
  • Architect Zero Trust controls aligned to OMB M-22-09 and CISA ZTMM 2.0 at Optimal maturity; map identity, device, network, application, and data pillars to the DevSecOps toolchain.
  • Design policy-as-code enforcement (OPA/Gatekeeper, Azure Policy) for Kubernetes admission control and infrastructure-as-code guardrails; ensure CyberArk and Azure Key Vault secrets-management patterns meet FIPS and post-quantum cryptography requirements.
  • Define continuous authorization (cATO) architecture, including continuous compliance monitoring via Splunk and Dynatrace, automated evidence collection, and alignment to NIST control families supporting FISMA Moderate environments.
  • Establish container security architecture integrating Aqua, Trivy, TruffleHog, and GHAS/CodeQL scanning into build and release pipelines.
  • Lead architecture reviews through enterprise architecture boards, change governance boards, ISSM/ISSO reviews, and cybersecurity governance bodies; produce artifacts that prevent rework and accelerate approvals.
  • Design integration patterns connecting Azure/AKS cloud pipelines to mainframe z/OS/Endevor build and deployment workflows; ensure CI/CD coverage spans both cloud and mainframe application portfolios.
  • Architect API and event-driven integration patterns for MuleSoft, Appian, Salesforce, and Power Platform workloads; define DevSecOps onboarding playbooks for each platform tier.
  • Produce reference architectures for WebLogic/WebSphere, Oracle, PeopleSoft, and SAP Data Services application pipelines covering build, scan, test, and release stages.
  • Architect observability solutions using Splunk, Dynatrace, and Azure Monitor to support >99.5% availability SLAs for mission-essential applications and timely remediation of security findings.
  • Design capacity and resilience patterns for AKS clusters and self-managed tool infrastructure to absorb high volumes of service requests without degradation.
  • Serve as the technical authority and primary architecture point of contact for the client, resolving architecture ambiguities with minimal client intervention.
  • Lead architecture working sessions, produce decision briefs for enterprise architecture and governance boards, and ensure platform changes satisfy architecture-review requirements before implementation.
  • Mentor senior engineers and DevSecOps leads on architecture patterns, infrastructure-as-code standards, and secure-by-default pipeline design.
  • Author and maintain architecture runbooks, pattern libraries, and design standards that become the program's engineering baseline.

Requirements

  • U.S. Citizen.
  • Must be able to obtain and maintain a Public Trust determination.
  • Each named Key Person may participate in client presentations.
  • Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Electrical Engineering, or a closely related technical discipline.
  • Four additional years of directly relevant experience may be substituted in lieu of a degree.
  • Minimum 12 years of progressive IT experience with at least 5 years in senior solutions architecture or enterprise architecture roles (or a Master's degree with 10 years).
  • Demonstrated hands-on architecture ownership of self-managed GitHub Enterprise Server (GHES) and GitHub Cloud/Actions environments at enterprise scale.
  • Recent hands-on experience designing and operating JFrog Artifactory/Xray, SonarQube, and GitHub Advanced Security (GHAS)/CodeQL as self-managed AKS-hosted services.
  • Proven experience authoring production-grade Terraform modules and Kubernetes/AKS configurations for regulated federal or financial-sector environments.
  • Experience leading architecture through formal enterprise architecture governance boards, change control boards, or authorization/accreditation review bodies in FISMA Moderate or higher environments.
  • Recent experience integrating CI/CD pipelines across hybrid estates that include both cloud-native AKS workloads and mainframe or host-based build/deploy environments.

Desired Qualifications:

  • Microsoft Certified: Azure Solutions Architect Expert (AZ-305) - active.
  • AWS Certified Solutions Architect - Professional - active.
  • Certified Kubernetes Administrator (CKA) or Certified Kubernetes Application Developer (CKAD).
  • CISSP or CCSP.
  • HashiCorp Terraform Associate or HashiCorp Infrastructure Automation Certification.

The following requirements must be met to be eligible for this position: successful completion of a background investigation and drug urinalysis.

SOC, a Day & Zimmermann company, is an Equal Opportunity Employer, EOE AA M/F/Vet/Disability.

Note: Any pay ranges displayed are estimations, which may have been provided by job boards. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.
