Platform DevSecOps Engineer

Ivory Cloud LLC
Rockville, United States of America
19 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 185K

Job location

Rockville, United States of America

Tech stack

Amazon Web Services (AWS)
Applications Architecture
Application Performance Management
Audit Trail
Automation of Tests
Azure
Cloud Computing
Configuration Management
Capability Maturity Model Integration
Computer Security
Information Systems
Computer Engineering
Continuous Delivery
Continuous Integration
Data Transmissions
ETL
DevOps
Disaster Recovery
Infrastructure as a Service (IaaS)
Information Security Management
NIPRNet
OAuth
Platform as a Service (PAAS)
Cloud Services
Ansible
Zero Trust Network Access
Security Information and Event Management
Data Logging
Cloud Platform System
Delivery Pipeline
Backend
SC Clearance
Kubernetes
Information Technology
Terraform
Data Pipelines
Dynatrace
Devsecops
Security Orchestration, Automation & Response
Static Application Security Testing
Vulnerability Analysis
Dynamic Application Security Testing

Job description

· Serve as the single point of accountability for the program CI/CD pipeline, cloud platform architecture, and security automation framework across NIPR and SIPR environments.

· Engineer and operate the CI/CD pipeline as a standing audit-evidence artifact, ensuring every production change carries documented SAST, SCA, container scan, DAST, IaC scan, automated test, accessibility scan, and STIG compliance verification - sufficient evidence for independent audit review without separate documentation effort.

· Directly address configuration management audit findings by engineering pipeline artifacts - immutable build records, signed commits, peer-reviewed pull requests, and automated change approvals - as the system of record for every change reaching production.

· Engineer and enforce documented role separation between developer, tester, Government Product Owner approver, and ISSO accounts in the pipeline, directly supporting access control and segregation of duties compliance objectives.

· Architect and operate cloud infrastructure for the program, including IaaS, PaaS, Kubernetes, and supporting platform services across NIPR and SIPR enclaves.

· Engineer environment parity between development, test, staging, and production environments using Infrastructure as Code, ensuring every environment is reproducible, auditable, and security compliant.

· Engineer blue/green deployment topology and feature-toggle infrastructure enabling zero-downtime releases and rollback-ready production transitions.

· Engineer and sustain CDS for code and data transfer from NIPR to SIPR, including signed-artifact promotion through CDS appliances with integrity verification, full audit logging of transfer events, and commit-hash traceability supporting rollback at any point.

· Engineer STIG-hardened base container images and operate continuous compliance scanning across the production estate.

· Architect and operate a Zero Trust framework for the program - prioritizing the User, Device, and Application/Workload pillars per DoD Zero Trust guidance, with documented Comply to Connect (C2C) integration for device posture validation.

· Architect and operate the program observability stack - including SIEM aggregation, application performance monitoring, distributed tracing, and real-time alerting feeding both operational dashboards and the standing audit-evidence record.

· Engineer disaster recovery topology targeting defined RTO and RPO thresholds; lead annual DR exercises and report results to the COR.

· Partner with the Cybersecurity / ISSO to maintain the system's RMF record, manage POA&M items, conduct continuous monitoring, and produce the documented evidence base required for audit review.

· Engineer automated security response playbooks for repeatable, audit-ready incident handling - including automated evidence collection, incident-response runbooks, and integrated change-management workflows.

· Partner with the Backend Engineering Lead to ensure application architecture aligns with platform capabilities - service mesh policies, mutual TLS between services, OAuth 2.0 + JWT enforcement, and rate-limiting policies engineered at the platform layer.

· Engineer and operate the data-pipeline platform supporting the Data Engineer's enterprise data feeds - including ETL/ELT runtime, lineage logging, and data-quality validation embedded in CI/CD.

· Contribute to program reporting and mission value communications by producing platform-health, audit-readiness, and security-posture indicators for government leadership and oversight bodies.

· Maintain a continuously refreshed platform risk register tracking technical, operational, cybersecurity, and audit-related risks with documented mitigation owners and current status visible via shared project management dashboards.

· Ensure team adherence to established CMMI Level 3 DEV and SVC appraised processes for configuration management, decision analysis and resolution, supplier agreement management, and integrated project management as applied to platform engineering.

· Represent platform and DevSecOps capability in technical interchange meetings, joint cross-agency cybersecurity working groups, and Change Control Board reviews; provide platform feasibility input to program and product leadership.

· Mentor and develop supporting Platform Engineers and Backend Engineers on platform-adjacent concerns; support recruiting, onboarding, and professional development of the broader platform team.

· Research and evaluate emerging DevSecOps practices, platform engineering tooling, and federal cloud capability evolutions - recommending pragmatic adoption only where direct delivery acceleration, audit-evidence improvement, or operational reliability gain is demonstrable.

Requirements

Do you have experience in Vulnerability scanning?, Do you have a Bachelor's degree?, IvoryCloud is seeking a Platform / DevSecOps Engineer Lead to architect, operate, and sustain the continuous integration / continuous delivery (CI/CD) pipeline, cloud infrastructure, and security automation framework for a mission-critical federal enterprise system operating across NIPR and SIPR environments supporting defense security cooperation/Foreign Military Sales related space. This is a Key Personnel position responsible for engineering the delivery pipeline as a standing audit-evidence artifact and for advancing configuration management, access control, and segregation of duties compliance objectives. The ideal candidate brings deep cloud platform engineering experience in federal environments, demonstrated DOW cross-domain solution (CDS) expertise, and the disciplined judgment required to evolve a complex mission system without destabilizing the operational continuity it supports.

Requirements

· U.S. Citizenship: Required, Non-negotiable. (This differs from eligibility to work in the U.S.)

· Clearance: Active Secret clearance required.

· Minimum Years Experience: 10 years of platform, DevOps, or infrastructure engineering experience, including a minimum of 5 years supporting U.S. federal customers and 3 years leading CI/CD or cloud platform engineering on enterprise-scale mission systems.

· Location: National Capital Region (NCR); hybrid schedule with regular on-site presence at client Northern Virginia site and company headquarters in Rockville, Maryland. Must reside within commuting distance of the NCR and be available to report on-site within three hours of request.

· Demonstrated expert proficiency with Azure GovCloud or AWS GovCloud, including IaaS, PaaS, Kubernetes (AKS/EKS), and Helm; equivalent GovCloud platform experience considered.

· Demonstrated experience engineering and operating CI/CD pipelines with hard security gates - including SAST, SCA, container image scanning, DAST, IaC scanning, accessibility validation, and STIG compliance on production federal workloads.

· Exceptional oral and written communication skills, including the ability to brief technical leadership, government cybersecurity teams, and the Information System Security Officer (ISSO) on pipeline architecture and audit-evidence posture.

· Direct experience with Infrastructure as Code (Terraform, Ansible, or equivalent) deployed against federal production environments, with environment parity enforced between NIPR and SIPR.

· Demonstrated experience engineering Cross-Domain Solutions (CDS) for code or data transfer between security enclaves including signed-artifact promotion, integrity verification, and documented audit logging across the transfer boundary..

Education

· Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Cybersecurity, or a related technical discipline. Master's degree in a related technical discipline preferred.

· Equivalent professional experience may be considered in lieu of formal degree on a case-by-case basis.

Certifications

· Desired certifications include:

o Microsoft Certified: Azure Administrator Associate (AZ-104) or AWS Certified Solutions Architect - Associate, · Demonstrated experience engineering and operating CI/CD pipelines within a CMMI Level 3 or higher appraised Agile delivery organization across both NIPR and SIPR environments.

· Direct experience engineering CDS environments at classified government facilities, including VDI integration, secure enclave coordination, and 24/7 mission-continuity operations.

· Experience supporting DOW enterprise data ecosystems, RMF/ATO processes, or comparable federal cybersecurity governance frameworks.

· Experience operating federal cloud workloads at significant scale - large user populations and high-volume transactional throughput across geographically distributed user communities.

· Direct experience with defense security cooperation, Foreign Military Sales (FMS), or comparable mission domains and their enterprise systems.

· Track record of platform or DevSecOps work cited in audit-finding closure, security posture improvement, or release-cadence acceleration on federal program performance reviews., * Platform, DevOps, infrastructure engineering: 10 years (Required)

  • supporting federal customers: 5 years (Required)

Benefits & conditions

Pulled from the full job description

  • Referral program
  • 401(k)
  • Health insurance
  • 401(k) matching
  • Paid time off
  • Vision insurance
  • Dental insurance, · Salaried position and eligible for participation in company and Business Development bonus programs

· Full-time benefits include:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Life insurance
  • Paid time off
  • Referral program
  • Retirement plan
  • Vision insurance

About IvoryCloud

IvoryCloud is a growing 8(a) certified small business. Our work with Federal and commercial clients includes Mission Systems development, modernization, and support, Software services, AI/ML engineering, Enterprise Cybersecurity, and Mission Optimization services. We are a growing, privately held small business located in Rockville, MD. IvoryCloud is an Equal Opportunity Employer (EEO).

Pay: $155,000.00 - $185,000.00 per year, * 401(k)

  • 401(k) matching
  • Dental insurance
  • Flexible schedule
  • Health insurance
  • Life insurance
  • Paid time off
  • Referral program
  • Vision insurance

Application Question(s):

  • This role requires U.S. citizenship. Please type 'citizen' if you meet this requirement.
  • Do you meet the hybrid requirements of on-site work in Arlington, VA and Rockville, MD?
  • Please list your active certifications.

Apply for this position