DevSecOps Lead

Kentro is dedicated to delivering innovative and effective solutions to our clients in an evolving technological landscape. We prioritize collaboration creativity and cuttingedge engineering practices to ensure our teams produce highquality results. As we continue to expand our capabilities we are looking for talented individuals to join us in making a meaningful impact.

We are looking for a skilled DevSecOps Lead to join our team. The successful candidate will be a dynamic leader who will drive the implementation of DevSecOps practices across the organization mentoring and empowering engineering teams to adopt best practices. They will excel in defining comprehensive strategies automating workflows and ensuring secure efficient and scalable infrastructure through collaboration continuous learning and strong security and compliance oversight.

Responsibilities:

Leadership and Mentorship:

• Lead the implementation of DevSecOps practices across the organization.
• Mentor DevSecOps engineers providing guidance support and professional development opportunities.
• Foster a culture of collaboration knowledge sharing and continuous learning.

Strategy and Adoption:

• Define a comprehensive DevSecOps strategy that aligns with the companys security and business objectives.
• Champion the adoption of automation tools and processes to enhance efficiency and security.
• Establish and enforce best practices across the software development lifecycle (SDLC).

Maintenance and Support:

• Monitor system performance and troubleshoot issues.
• Perform system upgrades and maintenance tasks.

Automation and Optimization:

• Automate infrastructure tasks using scripting languages (e.g. Python Bash) and automation tools (e.g. AWS CDK AWS Lamda Terraform).
• Lead the full adoption of CI/CD leveraging technologies such as GitHub Actions Jenkins AWS CodeDeploy CodePipeline and CodeBuild.
• Ability to design and build ETL data pipelines for data processing and analysis utilizing AWS native tools and visualization platforms such as Tableau.
• Optimize system performance and resource utilization implementing costeffective and efficient infrastructure solutions.

Testing and Quality Assurance:

• Design and implement automated testing frameworks to ensure software quality and performance throughout the CI/CD pipeline.
• Version Control and Configuration Management:
• Manage and enforce software versioning control (via GitHub and AWS CodeCommit) to ensure seamless collaboration and version integrity across development efforts.
• Leverage configuration management tools to automate infrastructure provisioning and configuration.

Virtualization and Containerization:

• Drive the adoption of containerization technologies (e.g. ECS EKS Docker Kubernetes) for efficient portable application deployments.
• Utilize virtualization technologies to create scalable isolated environments for development and testing.

Security and Monitoring:

• Design and implement automated security testing vulnerability scanning (SAST & DAST) and compliance checks.
• Continuously monitor applications and cloud services for security vulnerabilities and compliance risks.

Incident Response and Remediation:

• Develop incident response plans for security incidents.
• Perform threat modeling and risk assessments to identify and mitigate potential security issues.
• Conduct postmortem analysis to identify root causes and improve security posture.

Collaboration and Communication:

• Work closely with engineers data scientists and solutions architects.
• Provide training and guidance to the development teams on secure coding practices and security tools.
• Communicate effectively with stakeholders on security risks and mitigation strategies.

Compliance and Governance:

• Develop account management governance policies to ensure secure user access rolebased permissions and compliance with industry standards across cloud and onpremise environments.
• Maintain documentation conduct audits and stay updated on trends vulnerabilities and regulatory requirements.

Location: Hybrid in McLean VA

• Bachelors degree in Computer Science Engineering or a related field. A masters degree in a relevant field is preferred.
• 7 years of progressive experience in DevSecOps DevOps or a related role within a technical environment including experience leading and mentoring DevSecOps engineers.
• Demonstrated experience in designing implementing and managing CI/CD pipelines and automated testing frameworks.
• Proven expertise in automating infrastructure and security tasks in cloud environments.
• Extensive experience with cloud platforms (e.g. AWS Azure) and their security best practices.
• Proficiency in scripting languages (Python Bash) and automation tools (e.g. Jenkins GitHub Actions).
• Skilled in infrastructure deployment and management using IaC tools (e.g. AWS CloudFormation Terraform).
• Proficient in automating infrastructure tasks with AWS services (e.g. AWS CDK AWS Systems Manager Lambda Functions EventBridge).
• Experience with containerization technologies (e.g. Amazon ECS and EKS) and their secure integration into CI/CD pipelines.
• Ability to design and implement automated testing frameworks for CI/CD pipeline quality and performance including unit smoke and regression testing.
• Expertise in automated security testing vulnerability scanning and continuous monitoring for security and compliance (e.g. AWS Inspector AWS GuardDuty AWS Security Hub SonarQube).
• Familiarity with web technologies (e.g. HTTP REST API security) and database management (e.g. MySQL PostgreSQL MongoDB) to ensure data security and integrity in cloud and hybrid environments.
• Knowledge of account management governance user access control and regulatory compliance across cloud/onprem environments leveraging (e.g. AWS IAM AWS Organizations AWS Artifact).
• Skilled in version control (e.g. Git) and configuration management (e.g. AWS OpsWorks AWS Systems Manager).
• Experience optimizing system performance and resource utilization using cloud services (e.g. EC2 S3 Auto Scaling).
• Excellent analytical problemsolving and troubleshooting abilities.
• Ability to work collaboratively in a teamoriented environment and drive initiatives to completion.
• Proactive approach to identifying and addressing security challenges.

Preferred Skills:

• Familiarity with software development methodologies (e.g. Agile Waterfall).
• Experience utilizing virtualization technologies (e.g. VMware HyperV).
• Experience implementing web application security (e.g. WAF AWS Shield) and database security practices (e.g. encryption IAM for RDS Aurora and DynamoDB).
• Experience in developing incident response plans performing threat modeling and conducting postmortem analysis using AWS CloudTrail AWS Config and AWS CloudWatch.
• AWS certifications (e.g. DevOps Engineer Solutions Architect).
• Knowledge of requirements of the various compliance frameworks such as NIST 80053 CMMC 2.0 etc.

Clearance:

• US Citizenship required; the ability to obtain a security clearance may be required.

The Company

We believe in generating success collaboratively enabling longterm mission success and building trust for the next challenge. With you as our partner lets solve challenges think innovatively and maximize impact. As a valued member of our team you have the unique opportunity to work in a diverse range of technology and business career paths all while supporting our nation and delivering innovative technology solutions. We are a close community of experts that pride ourselves on creating an environment defined by teamwork dedication and excellence.

We hold three ISO certifications 27001:::2015 and two CMMI ML 3 ratings (DEV and SVC).

Industry Recognition

Growth Inc 5000s Fastest Growing Private Companies DC Metro List Fastest Growing; Washington Business Journal: Fastest Growing Companies Top Performing Small Technology Companies in Greater D.C.

Culture Northern Virginia Technology Council Tech 100 Honoree; Virginia Best Place to Work; Washington Business Journal: Best Places to Work Corporate Diversity Index Winner MidSize Companies Companies Owned by People of Color; Department of Labors HireVets for our work helping veterans transition; SECAF Award of Excellence finalist; Victory Military Friendly Brand; Virginia Values Veterans (V3; Cystic Fibrosis Foundation Corporate Breath Award

Benefits

We offer competitive benefits package including paid time off healthcare benefits supplemental benefits 401k including an employer match discount perks rewards and more. We invest in our employees Every employee is eligible for education reimbursement for certifications degrees or professional development. Reimbursement amounts may fluctuate due to IRS limitations. We want you to grow as an expert and a leader and offer flexibility for you to take a course complete a certification or other professional growth and networking. We are committed to supporting your curiosity and sustaining a culture that prioritizes commitment to continuous professional development.

We work hard; we play hard. Kentro is committed to incorporating fun into every day. We dedicate funds for activities virtual and inperson e.g. we host happy hours holiday events fitness & wellness events and annual celebrations. In alignment with our commitment to our communities we also host and attend charity galas/events. We believe in appreciating your commitment and building a positive workspace for you to be creative innovative and happy.

Commitment Equal Opportunity Employment & VEVRAA

Kentro is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to disability status as a protected veteran or any other status protected by applicable federal state or local law.

Kentro is strongly committed to compliance with VEVRAA and other applicable federal state and local laws governing equal employment opportunity. We have developed comprehensive policies and procedures to ensure our hiring practices align with these requirements.

As part of our VEVRAA compliance efforts Kentro has established an equal opportunity plan outlining our commitment to recruiting hiring and advancing protected veterans. This plan is regularly reviewed and updated to ensure its effectiveness.

We encourage protected veterans to selfidentify during the application process. This information is strictly confidential and will only be used for reporting and compliance purposes as required by law. Providing this information is voluntary and will not impact your employment eligibility.

Our commitment to equal employment opportunity extends beyond legal compliance. We are dedicated to fostering an inclusive workplace where all employees including protected veterans are treated with dignity respect and fairness.

How to Apply

To apply to Kentro Positions Please click on the: Apply for this Job button at the bottom of this Job Description or the button at the top: Application. Please upload your resume and complete all the application steps. You must submit the application for Kentro to consider you for a position. If you need alternative application methods please email and request assistance.

Accommodations

To perform this job successfully an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions. If you need to discuss reasonable accommodations please email .