Senior DevSecOps Engineer

Everforth ECS is seeking a Senior DevSecOps Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Senior DevSecOps Engineer serves as the principal architect and operator of WDP's software factory and CI/CD pipeline ecosystem, driving enterprise DevSecOps modernization across IL2, IL5, IL6, and JWICS environments in support of DoW mission-owner communities, Combatant Commands, and intelligence-driven operational users. This is a senior technical leadership role responsible for setting DevSecOps strategy, enforcing security automation at every stage of the software lifecycle, and sustaining the continuous delivery infrastructure that underpins WDP's multi-enclave platform.

Executes enterprise DevSecOps modernization for the War Data Platform (WDP) Core Integration program by architecting, operating, and optimizing software factory pipelines across NIPRNet, SIPRNet, and JWICS to support mission-critical analytics for Department of War leadership, Combatant Commands, and intelligence-driven operational communities.

Designs integrated development, security, testing, and deployment workflows using GitLab, Jenkins, Kubernetes, ArgoCD, Terraform, CloudFormation, Nexus, Harbor, SonarQube, Anchore, Trivy, Sysdig, and OpenSCAP to maintain software integrity, traceability, and compliance across development, test, integration, staging, and production environments.

Leads continuous pipeline development, automation scripting, and multi-environment integration activities supporting IL2, IL5, IL6, and JWICS enclaves.

Sets the DevSecOps strategy for the program, evaluates emerging commercial and open-source tooling, develops adoption recommendations, and drives modernization initiatives that strengthen automation coverage and operational resilience.

Coordinates incident-response activities across engineering, cybersecurity, and platform-operations teams, escalates critical issues to program leadership, and governs change-control processes, audit schedules, and compliance reporting.

Designs secure CI/CD pipelines that automatically build, test, scan, and deploy War Data Platform (WDP) Core Integration IaC, CaC, and application code.

Develops and maintains Infrastructure-as-Code and Configuration-as-Code repositories encoding classification-specific security baselines.

Runs automated STIG and NIST compliance checks, dynamic scans, and remediation workflows after each change.

Implements observability and incident-response hooks feeding metrics, logs, and alerts into the SIEM.

Maintains documentation, runbooks, and knowledge-transfer materials for all DevSecOps tooling and security policies.

Enforces protected branches, merge-request approvals, signed-commit requirements, artifact-signing procedures, and automated pre-receive checks for SAST, secret-leak detection, and IaC linting.

Maintains continuous vulnerability monitoring, artifact governance, and repository integrity.

Produces architecture updates, maturity assessments, performance reports, and roadmap recommendations that accelerate release cycles, strengthen compliance posture, and enhance mission readiness across the War Data Platform (WDP) Core Integration enterprise.

Performs other duties as assigned.

Requirements:

Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).

10–12 years of experience in DevSecOps engineering, platform engineering, software factory operations, or a closely related technical discipline, with demonstrated senior-level ownership of CI/CD pipeline architecture and automated security integration in federal or enterprise environments.

IAT Level II certification from an approved credential, including CompTIA Security+ CE, CompTIA CySA+, CompTIA Cloud+, Cisco CCNA Security, GIAC GSEC, GIAC GCED, or ISC² SSCP.

Demonstrated hands-on expertise with GitLab CI/CD, Kubernetes, ArgoCD, and Infrastructure-as-Code tools such as Terraform or CloudFormation, with applied experience operating software factories across multiple classified or government cloud enclaves spanning unclassified through Top Secret environments.

Proven experience integrating automated security scanning, STIG compliance validation, container image scanning, and secrets detection into DevSecOps pipelines using tools such as SonarQube, Anchore, Trivy, Sysdig, or OpenSCAP in support of Authority to Operate (ATO) and continuous monitoring obligations.

Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.

Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Req Benefits:

Benefits - Everforth ECS