Koniag Data Solutions LLC a Koniag Government Services company is seeking a DevSecOps Lead Engineer to support KDS and our government customer in Washington DC. This position requires the candidate to be able to obtain a Public offer competitive compensation and an extraordinary benefits package including health dental and vision insurance 401K with company matching flexible spending accounts paid holidays three weeks paid time off and Data Solutions a Koniag Government Services company is seeking an experienced DevSecOps Lead Engineer to support the design implementation and management of DevSecOps practices pipelines and culture in support of the U.S. Small Business Administration (SBA). The ideal candidate is a senior-level engineering professional with deep expertise in DevSecOps methodologies CI/CD pipeline development security automation and cloud-native technologies and a proven track record of leading DevSecOps transformation efforts within complex federal government environments. This individual will serve as the technical lead and subject matter expert for SBAs DevSecOps program driving the integration of security into every phase of the software development lifecycle accelerating the delivery of secure high-quality software and fostering a culture of collaboration automation and continuous improvement across SBAs development and operations DevSecOps Lead Engineer will serve as the senior technical lead and SME for DevSecOps practices and implementation at the SBA working closely with SBAs IT leadership development teams security teams operations staff and program managers to design build and continuously improve a robust DevSecOps program that enables the rapid secure and reliable delivery of software and infrastructure solutions in support of SBAs mission. Principal responsibilities will include but are not limited to:Serve as the senior technical lead and SME for DevSecOps practices pipelines and culture at the SBA providing expert guidance strategic direction and hands-on technical leadership to development security and operations teams across the the design development implementation and continuous improvement of SBAs CI/CD pipelines and DevSecOps toolchain ensuring pipelines are automated secure scalable and aligned with SBAs software delivery and security the integration of security practices tools and automation throughout the software development lifecycle (SDLC) including static application security testing (SAST) dynamic application security testing (DAST) software composition analysis (SCA) container security scanning and infrastructure as code (IaC) security the development and implementation of SBAs DevSecOps strategy roadmap and standards ensuring alignment with federal DevSecOps guidance SBAs enterprise architecture framework and industry best the design implementation and management of infrastructure as code (IaC) practices and tools enabling automated repeatable and auditable provisioning and management of SBAs IT infrastructure and cloud with SBAs development security and operations teams to establish and enforce DevSecOps standards coding best practices security requirements and quality gates within the CI/CD the evaluation selection and implementation of DevSecOps tools and platforms including source code management CI/CD orchestration container orchestration artifact management security scanning and monitoring solutions appropriate for SBAs technical leadership and oversight for the containerization and orchestration of SBA applications ensuring container images are properly secured scanned and managed in accordance with SBA security requirements and federal the planning and execution of cloud migration and modernization initiatives applying DevSecOps principles and practices to accelerate the secure migration of SBA workloads to cloud and maintain comprehensive DevSecOps documentation including pipeline architecture designs technical runbooks standards and guidelines and training materials to support SBAs DevSecOps with SBAs ISSO and security teams to ensure DevSecOps pipelines and practices support the maintenance of system Authorization to Operate (ATO) requirements including the automation of security control testing and continuous monitoring activities where and conduct code reviews architecture reviews and security reviews for DevSecOps pipeline components and infrastructure as code artifacts ensuring they meet SBAs quality and security technical mentorship and guidance to junior and mid-level engineers developers and operations staff fostering a culture of learning collaboration and continuous improvement across SBAs technical and deliver DevSecOps training workshops and knowledge-sharing sessions for SBA technical staff helping to build organizational capability and support for DevSecOps principles and practicesMonitor and analyze the performance reliability and security of SBAs DevSecOps pipelines and toolchain identifying and implementing improvements to enhance pipeline efficiency security and overall at the forefront of DevSecOps technology developments federal policy guidance and industry best practices applying this knowledge to continuously refine and improve SBAs DevSecOps and Experience:Required:Bachelors degree in Computer Science Software Engineering Information Technology Cybersecurity or a related field from an accredited college or university OR equivalent combination of education and extensive relevant work experience.7 years of progressive experience in software engineering systems engineering or DevOps/DevSecOps with significant demonstrated experience designing implementing and managing CI/CD pipelines and DevSecOps practices in a federal government or large enterprise expert-level hands-on experience with CI/CD tools and platforms such as Jenkins GitLab CI/CD GitHub Actions or similar and container orchestration platforms such as Kubernetes or Red Hat experience integrating security tools and automation into CI/CD pipelines including SAST DAST SCA and container security scanning or more of the following certifications: Certified Kubernetes Administrator (CKA) AWS Certified DevOps Engineer Microsoft Certified: DevOps Engineer Expert or equivalent senior-level DevSecOps or cloud engineering :Masters degree in Computer Science Software Engineering Information Technology or a related experience leading DevSecOps program development and implementation at a federal civilian agency preferably the SBA or a similar Kubernetes Security Specialist (CKS) AWS Certified Security Specialty or other relevant advanced cloud security or DevSecOps Hat Certified Engineer (RHCE) or Red Hat Certified Architect (RHCA) Skills and Competencies:Expert-level knowledge of DevSecOps principles methodologies and best practices and their application to the design implementation and management of secure automated software delivery pipelines in a federal government expert-level hands-on experience with CI/CD tools and platforms including Jenkins GitLab CI/CD GitHub Actions CircleCI or similar and the ability to design build and optimize complex CI/CD pipeline technical expertise in containerization and container orchestration technologies including Docker Kubernetes and Red Hat OpenShift including experience securing and managing container environments in experience with infrastructure as code (IaC) tools and practices including Terraform Ansible AWS CloudFormation or similar and their application to automated repeatable infrastructure provisioning and experience integrating security automation into CI/CD pipelines including SAST tools such as SonarQube or Checkmarx DAST tools such as OWASP ZAP or Burp Suite SCA tools such as Black Duck or Snyk and container security scanning tools such as Twistlock Aqua Security or experience with cloud platforms and services including AWS Microsoft Azure or Google Cloud Platform and the application of cloud-native DevSecOps practices and tools within federal cloud experience with source code management and collaboration platforms including Git GitHub GitLab or Bitbucket including experience with branching strategies code review processes and repository security understanding of federal cybersecurity frameworks requirements and guidance including NIST SP 800-53 NIST SP 800-218 (Secure Software Development Framework) FISMA and FedRAMP and their application to DevSecOps practices and pipeline with monitoring logging and observability tools and platforms such as ELK Stack Prometheus Grafana Splunk or similar and their integration into DevSecOps pipelines and experience with scripting and programming languages including Python Bash PowerShell or similar and their application to pipeline automation toolchain integration and infrastructure written and oral communication skills in English with the ability to clearly communicate complex DevSecOps concepts architectural designs and technical recommendations to both technical teams and senior non-technical leadership and mentorship skills with demonstrated experience guiding and developing engineers developers and operations staff in DevSecOps practices and to obtain and maintain a Public Trust clearance as required by the Skills and Competencies:Prior experience leading DevSecOps program development and implementation at the SBA or a similar federal civilian agencyIn-depth familiarity with SBAs IT environment development platforms and mission areas including an understanding of the unique challenges and opportunities associated with implementing DevSecOps within the SBA environmentExperience with artifact management and software supply chain security tools and practices including JFrog Artifactory Nexus Repository or similar and their integration into secure software delivery knowledge of service mesh technologies such as Istio or Linkerd and their application to securing microservices architectures within a DevSecOps with GitOps practices and tools such as ArgoCD or Flux and their application to automated auditable infrastructure and application with the NIST Secure Software Development Framework (SSDF) and its practical application to DevSecOps program design and implementation in a federal government supporting ATO processes and continuous monitoring programs including the automation of security control testing and evidence collection within CI/CD of software bill of materials (SBOM) concepts and tools and their application to software supply chain security and federal compliance Kubernetes Security Specialist (CKS) AWS Certified Security Specialty Microsoft Certified: Azure Security Engineer Associate or other relevant advanced cloud security with chaos engineering practices and tools and their application to improving the resilience and reliability of DevSecOps pipelines and application with federal IT acquisition and procurement processes and experience supporting the development of technical requirements and evaluation criteria for DevSecOps toolchain Equal Employment Opportunity PolicyThe company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race color religion creed ethnicity sex sexual orientation gender or gender identity (except where gender is a bona fide occupational qualification) national origin or ancestry age disability citizenship military/veteran status marital status genetic information or any other characteristic protected by applicable federal state or local law. We are committed to equal employment opportunity in all decisions related to employment promotion wages benefits and all other privileges terms and conditions of company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website please get in touch with Heaven Wood via e-mail by calling to request Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical professional and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers employees and native communities. For more information please Opportunity Employer/Veterans/ Preference in accordance with Public Law 88-352
Required Experience:
Senior IC
Koniag Data Solutions LLC a Koniag Government Services company is seeking a DevSecOps Lead Engineer to support KDS and our government customer in Washington DC. This position requires the candidate to be able to obtain a Public offer competitive compensation and an extraordinary benefits package in...
Koniag Data Solutions LLC a Koniag Government Services company is seeking a DevSecOps Lead Engineer to support KDS and our government customer in Washington DC. This position requires the candidate to be able to obtain a Public offer competitive compensation and an extraordinary benefits package including health dental and vision insurance 401K with company matching flexible spending accounts paid holidays three weeks paid time off and Data Solutions a Koniag Government Services company is seeking an experienced DevSecOps Lead Engineer to support the design implementation and management of DevSecOps practices pipelines and culture in support of the U.S. Small Business Administration (SBA). The ideal candidate is a senior-level engineering professional with deep expertise in DevSecOps methodologies CI/CD pipeline development security automation and cloud-native technologies and a proven track record of leading DevSecOps transformation efforts within complex federal government environments. This individual will serve as the technical lead and subject matter expert for SBAs DevSecOps program driving the integration of security into every phase of the software development lifecycle accelerating the delivery of secure high-quality software and fostering a culture of collaboration automation and continuous improvement across SBAs development and operations DevSecOps Lead Engineer will serve as the senior technical lead and SME for DevSecOps practices and implementation at the SBA working closely with SBAs IT leadership development teams security teams operations staff and program managers to design build and continuously improve a robust DevSecOps program that enables the rapid secure and reliable delivery of software and infrastructure solutions in support of SBAs mission. Principal responsibilities will include but are not limited to:Serve as the senior technical lead and SME for DevSecOps practices pipelines and culture at the SBA providing expert guidance strategic direction and hands-on technical leadership to development security and operations teams across the the design development implementation and continuous improvement of SBAs CI/CD pipelines and DevSecOps toolchain ensuring pipelines are automated secure scalable and aligned with SBAs software delivery and security the integration of security practices tools and automation throughout the software development lifecycle (SDLC) including static application security testing (SAST) dynamic application security testing (DAST) software composition analysis (SCA) container security scanning and infrastructure as code (IaC) security the development and implementation of SBAs DevSecOps strategy roadmap and standards ensuring alignment with federal DevSecOps guidance SBAs enterprise architecture framework and industry best the design implementation and management of infrastructure as code (IaC) practices and tools enabling automated repeatable and auditable provisioning and management of SBAs IT infrastructure and cloud with SBAs development security and operations teams to establish and enforce DevSecOps standards coding best practices security requirements and quality gates within the CI/CD the evaluation selection and implementation of DevSecOps tools and platforms including source code management CI/CD orchestration container orchestration artifact management security scanning and monitoring solutions appropriate for SBAs technical leadership and oversight for the containerization and orchestration of SBA applications ensuring container images are properly secured scanned and managed in accordance with SBA security requirements and federal the planning and execution of cloud migration and modernization initiatives applying DevSecOps principles and practices to accelerate the secure migration of SBA workloads to cloud and maintain comprehensive DevSecOps documentation including pipeline architecture designs technical runbooks standards and guidelines and training materials to support SBAs DevSecOps with SBAs ISSO and security teams to ensure DevSecOps pipelines and practices support the maintenance of system Authorization to Operate (ATO) requirements including the automation of security control testing and continuous monitoring activities where and conduct code reviews architecture reviews and security reviews for DevSecOps pipeline components and infrastructure as code artifacts ensuring they meet SBAs quality and security technical mentorship and guidance to junior and mid-level engineers developers and operations staff fostering a culture of learning collaboration and continuous improvement across SBAs technical and deliver DevSecOps training workshops and knowledge-sharing sessions for SBA technical staff helping to build organizational capability and support for DevSecOps principles and practicesMonitor and analyze the performance reliability and security of SBAs DevSecOps pipelines and toolchain identifying and implementing improvements to enhance pipeline efficiency security and overall at the forefront of DevSecOps technology developments federal policy guidance and industry best practices applying this knowledge to continuously refine and improve SBAs DevSecOps and Experience:Required:Bachelors degree in Computer Science Software Engineering Information Technology Cybersecurity or a related field from an accredited college or university OR equivalent combination of education and extensive relevant work experience.7 years of progressive experience in software engineering systems engineering or DevOps/DevSecOps with significant demonstrated experience designing implementing and managing CI/CD pipelines and DevSecOps practices in a federal government or large enterprise expert-level hands-on experience with CI/CD tools and platforms such as Jenkins GitLab CI/CD GitHub Actions or similar and container orchestration platforms such as Kubernetes or Red Hat experience integrating security tools and automation into CI/CD pipelines including SAST DAST SCA and container security scanning or more of the following certifications: Certified Kubernetes Administrator (CKA) AWS Certified DevOps Engineer Microsoft Certified: DevOps Engineer Expert or equivalent senior-level DevSecOps or cloud engineering :Masters degree in Computer Science Software Engineering Information Technology or a related experience leading DevSecOps program development and implementation at a federal civilian agency preferably the SBA or a similar Kubernetes Security Specialist (CKS) AWS Certified Security Specialty or other relevant advanced cloud security or DevSecOps Hat Certified Engineer (RHCE) or Red Hat Certified Architect (RHCA) Skills and Competencies:Expert-level knowledge of DevSecOps principles methodologies and best practices and their application to the design implementation and management of secure automated software delivery pipelines in a federal government expert-level hands-on experience with CI/CD tools and platforms including Jenkins GitLab CI/CD GitHub Actions CircleCI or similar and the ability to design build and optimize complex CI/CD pipeline technical expertise in containerization and container orchestration technologies including Docker Kubernetes and Red Hat OpenShift including experience securing and managing container environments in experience with infrastructure as code (IaC) tools and practices including Terraform Ansible AWS CloudFormation or similar and their application to automated repeatable infrastructure provisioning and experience integrating security automation into CI/CD pipelines including SAST tools such as SonarQube or Checkmarx DAST tools such as OWASP ZAP or Burp Suite SCA tools such as Black Duck or Snyk and container security scanning tools such as Twistlock Aqua Security or experience with cloud platforms and services including AWS Microsoft Azure or Google Cloud Platform and the application of cloud-native DevSecOps practices and tools within federal cloud experience with source code management and collaboration platforms including Git GitHub GitLab or Bitbucket including experience with branching strategies code review processes and repository security understanding of federal cybersecurity frameworks requirements and guidance including NIST SP 800-53 NIST SP 800-218 (Secure Software Development Framework) FISMA and FedRAMP and their application to DevSecOps practices and pipeline with monitoring logging and observability tools and platforms such as ELK Stack Prometheus Grafana Splunk or similar and their integration into DevSecOps pipelines and experience with scripting and programming languages including Python Bash PowerShell or similar and their application to pipeline automation toolchain integration and infrastructure written and oral communication skills in English with the ability to clearly communicate complex DevSecOps concepts architectural designs and technical recommendations to both technical teams and senior non-technical leadership and mentorship skills with demonstrated experience guiding and developing engineers developers and operations staff in DevSecOps practices and to obtain and maintain a Public Trust clearance as required by the Skills and Competencies:Prior experience leading DevSecOps program development and implementation at the SBA or a similar federal civilian agencyIn-depth familiarity with SBAs IT environment development platforms and mission areas including an understanding of the unique challenges and opportunities associated with implementing DevSecOps within the SBA environmentExperience with artifact management and software supply chain security tools and practices including JFrog Artifactory Nexus Repository or similar and their integration into secure software delivery knowledge of service mesh technologies such as Istio or Linkerd and their application to securing microservices architectures within a DevSecOps with GitOps practices and tools such as ArgoCD or Flux and their application to automated auditable infrastructure and application with the NIST Secure Software Development Framework (SSDF) and its practical application to DevSecOps program design and implementation in a federal government supporting ATO processes and continuous monitoring programs including the automation of security control testing and evidence collection within CI/CD of software bill of materials (SBOM) concepts and tools and their application to software supply chain security and federal compliance Kubernetes Security Specialist (CKS) AWS Certified Security Specialty Microsoft Certified: Azure Security Engineer Associate or other relevant advanced cloud security with chaos engineering practices and tools and their application to improving the resilience and reliability of DevSecOps pipelines and application with federal IT acquisition and procurement processes and experience supporting the development of technical requirements and evaluation criteria for DevSecOps toolchain Equal Employment Opportunity PolicyThe company is an equal opportunity employer. The company shall not discriminate against any employee or applicant because of race color religion creed ethnicity sex sexual orientation gender or gender identity (except where gender is a bona fide occupational qualification) national origin or ancestry age disability citizenship military/veteran status marital status genetic information or any other characteristic protected by applicable federal state or local law. We are committed to equal employment opportunity in all decisions related to employment promotion wages benefits and all other privileges terms and conditions of company is dedicated to seeking all qualified applicants. If you require an accommodation to navigate or apply for a position on our website please get in touch with Heaven Wood via e-mail by calling to request Government Services (KGS) is an Alaska Native Owned corporation supporting the values and traditions of our native communities through an agile employee and corporate culture that delivers Enterprise Solutions Professional Services and Operational Management to Federal Government Agencies. As a wholly owned subsidiary of Koniag we apply our proven commercial solutions to a deep knowledge of Defense and Civilian missions to provide forward leaning technical professional and operational solutions. KGS enables successful mission outcomes for our customers through solution-oriented business partnerships and a commitment to exceptional service delivery. We ensure long-term success with a continuous improvement approach while balancing the collective interests of our customers employees and native communities. For more information please Opportunity Employer/Veterans/ Preference in accordance with Public Law 88-352
What We Do Koniag Government Services (KGS) is an Alaska Native Corporation comprised of multiple wholly owned subsidiary companies that deliver Enterprise Solutions, Professional Services, and Operations Management to Federal Government agencies. With an agile employee and corporate
... View more