DevOps Engineer, Sr Staff (FedRamp)

Black Duck Software Inc. helps organizations build secure high-quality software minimizing risks while maximizing speed and productivity. Black Duck a recognized pioneer in application security provides SAST SCA and DAST solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code open source components and application behavior. With a combination of industry-leading tools services and expertise only Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

Senior Staff DevOps Engineer (FedRamp)

Who we are:

Black Duck is the market leader in application security testing helping organizations worldwide build secure high-quality software. We are building FedRAMP-authorized cloud environments to serve federal agencies integrating security seamlessly into DevOps whileestablishingrigorous compliance with government security frameworks.

Whatyoulldo (responsibilities):

As a Senior Staff Engineer in the FedRAMP DevOps Platform Team you will define and drive the technical vision for our FedRAMP-authorized cloud platform enabling Black Ducks expansion into the federal market. You will architect compliance-first infrastructure serving 500 engineers whilemaintaininggovernment security standards and accelerating our path to ATO.

• Define and architect the end-to-end FedRAMP-compliant cloud platform strategy leveraging accelerators to achieve initial ATO within 12-18 months while establishing foundation for continuous authorization and multi-year scalability.
• Lead initial FedRAMP authorization from architecture through ATO: drive SSP authoring NIST 800-53 control implementations 3PAO coordination and readiness assessment while establishing repeatable processes that reduce future authorization cycles by 40%.
• Architect secure scalable platform infrastructure including CI/CD pipelines Kubernetes environments developer portal (Backstage) observability systems and compliance automation that enables developer velocity while maintaining continuous compliance posture.
• Establish security and compliance architecture patterns across encryption network segmentation secrets management supply chain security and incident response that become organizational standards and reduce security review cycles.
• Drive technical decisions and technology selection for government cloud platforms compliance tooling and security controls; influence product roadmap to balance federal requirements with commercial product needs.
• Mentor and raise the technical bar across engineering teams through architecture reviews design discussions and establishing FedRAMP best practices; build organizational competency in compliance-aware development.
• Partner with security product and business leadership to translate federal customer requirements into technical architecture manage compliance risk and deliver measurable improvements in security posture and operational efficiency.

Whatyoullneed:

BASIC QUALIFICATIONS:

• U.S. citizenship required (FedRAMP and government customer requirements).
• BS in Computer Science or related field or equivalent experience.
• 10 years in SRE DevOps or Platform Engineering with demonstrated technical leadership across teams.
• Proven experience designing and achieving FedRAMP ATO (High or Moderate) including SSP authoring NIST 800-53 control implementation architecture documentation and 3PAO coordination.
• Expert-level architecture experience on government cloud platforms (AWS GovCloud Azure Government or GCP for Government) with deep understanding of compliance requirements networking and security boundaries.
• Expertise in modern platform technologies: Kubernetes security infrastructure-as-code (Terraform) GitOps (ArgoCD/Flux) CI/CD security observability systems and secrets management.
• Strong programming skills (Go Python or ) and demonstrated ability to drive complex technical initiatives from architecture through production.

PREFERRED QUALIFICATIONS:

• Experience leading multiple FedRAMP authorizations from architecture through ATO with track record of reducing time-to-authorization and establishing repeatable processes.
• Experience with FedRAMP accelerators (Stack Armor Coalfire) and demonstrated ability to adapt frameworks while maintaining architectural integrity.
• Professional certifications: CISSP AWS/Azure/GCP Security Specialty CKS GIAC or equivalent.
• Experience with DoD environments (IL4/IL5) CMMC compliance-as-code practices (OSCAL) and automated compliance documentation.
• Advanced degree in Computer Science or related field or equivalent experience architecting secure compliant platforms at scale.

Black Duck considers all applicants for employment without regard to race color religion sex gender preference national origin age disability or status as a Covered Veteran in accordance with federal addition Black Duck complies with applicable state and local laws prohibiting discrimination in employment in every jurisdiction in which it maintains facilities. Black Duck also provides reasonable accommodation to individuals with a disability in accordance with applicable laws.