Koniag Government Services

DevSecOps Lead Engineer

Koniag Government Services$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Computer Science, IT, Cybersecurity, or related field, or equivalent experience.
  • 7+ years in software/system engineering or DevOps/DevSecOps, mainly in a federal government environment.
  • Expert-level hands-on experience with CI/CD tools like Jenkins, GitLab CI/CD, or GitHub Actions.
  • Experience with container orchestration platforms, preferably Kubernetes or Red Hat OpenShift.
  • One or more advanced certifications in DevSecOps or cloud engineering.

Responsibilities

  • Serve as the senior technical lead for DevSecOps practices at SBA, guiding cross-functional teams.
  • Design and implement CI/CD pipelines, ensuring automation, security, and scalability.
  • Integrate security tools and practices throughout the software development lifecycle (SDLC).
  • Develop and manage SBA's DevSecOps strategy and roadmap, aligning with federal guidelines.
  • Establish and enforce DevSecOps standards and best practices across teams.
  • Lead tool evaluation and selection for DevSecOps solutions to enhance the software delivery process.
  • Provide mentorship to junior staff and lead training sessions on DevSecOps practices.

Benefits

  • Health, dental, and vision insurance.
  • 401K plan with company matching.
  • Flexible spending accounts.
  • Three weeks of paid time off.
  • Paid holidays.
Full Job Description
DevSecOps Lead Engineer to support KDS and our government customer in Washington, DC. This position requires the candidate to be able to obtain a Public Trust.

We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

Koniag Data Solutions, a Koniag Government Services company, is seeking an experienced DevSecOps Lead Engineer to support the design, implementation, and management of DevSecOps practices, pipelines, and culture in support of the U.S. Small Business Administration (SBA). The ideal candidate is a senior-level engineering professional with deep expertise in DevSecOps methodologies, CI/CD pipeline development, security automation, and cloud-native technologies, and a proven track record of leading DevSecOps transformation efforts within complex federal government environments. This individual will serve as the technical lead and subject matter expert for SBA's DevSecOps program, driving the integration of security into every phase of the software development lifecycle, accelerating the delivery of secure, high-quality software, and fostering a culture of collaboration, automation, and continuous improvement across SBA's development and operations teams.

The DevSecOps Lead Engineer will serve as the senior technical lead and SME for DevSecOps practices and implementation at the SBA, working closely with SBA's IT leadership, development teams, security teams, operations staff, and program managers to design, build, and continuously improve a robust DevSecOps program that enables the rapid, secure, and reliable delivery of software and infrastructure solutions in support of SBA's mission.

Principal responsibilities will include but are not limited to:
  • Serve as the senior technical lead and SME for DevSecOps practices, pipelines, and culture at the SBA, providing expert guidance, strategic direction, and hands-on technical leadership to development, security, and operations teams across the organization.
  • Lead the design, development, implementation, and continuous improvement of SBA's CI/CD pipelines and DevSecOps toolchain, ensuring pipelines are automated, secure, scalable, and aligned with SBA's software delivery and security requirements.
  • Drive the integration of security practices, tools, and automation throughout the software development lifecycle (SDLC), including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), container security scanning, and infrastructure as code (IaC) security scanning.
  • Lead the development and implementation of SBA's DevSecOps strategy, roadmap, and standards, ensuring alignment with federal DevSecOps guidance, SBA's enterprise architecture framework, and industry best practices.
  • Oversee the design, implementation, and management of infrastructure as code (IaC) practices and tools, enabling automated, repeatable, and auditable provisioning and management of SBA's IT infrastructure and cloud environments.
  • Collaborate with SBA's development, security, and operations teams to establish and enforce DevSecOps standards, coding best practices, security requirements, and quality gates within the CI/CD pipeline.
  • Lead the evaluation, selection, and implementation of DevSecOps tools and platforms, including source code management, CI/CD orchestration, container orchestration, artifact management, security scanning, and monitoring solutions appropriate for SBA's environment.
  • Provide technical leadership and oversight for the containerization and orchestration of SBA applications, ensuring container images are properly secured, scanned, and managed in accordance with SBA security requirements and federal guidelines.
  • Support the planning and execution of cloud migration and modernization initiatives, applying DevSecOps principles and practices to accelerate the secure migration of SBA workloads to cloud environments.
  • Develop and maintain comprehensive DevSecOps documentation including pipeline architecture designs, technical runbooks, standards and guidelines, and training materials to support SBA's DevSecOps program.
  • Collaborate with SBA's ISSO and security teams to ensure DevSecOps pipelines and practices support the maintenance of system Authorization to Operate (ATO) requirements, including the automation of security control testing and continuous monitoring activities where applicable.
  • Lead and conduct code reviews, architecture reviews, and security reviews for DevSecOps pipeline components and infrastructure as code artifacts, ensuring they meet SBA's quality and security standards.
  • Provide technical mentorship and guidance to junior and mid-level engineers, developers, and operations staff, fostering a culture of learning, collaboration, and continuous improvement across SBA's technical teams.
  • Develop and deliver DevSecOps training, workshops, and knowledge-sharing sessions for SBA technical staff, helping to build organizational capability and support for DevSecOps principles and practices
  • Monitor and analyze the performance, reliability, and security of SBA's DevSecOps pipelines and toolchain, identifying and implementing improvements to enhance pipeline efficiency, security, and overall effectiveness.
  • Stay at the forefront of DevSecOps technology developments, federal policy guidance, and industry best practices, applying this knowledge to continuously refine and improve SBA's DevSecOps program.

Education and Experience:

Required:
  • Bachelor's degree in Computer Science, Software Engineering, Information Technology, Cybersecurity, or a related field from an accredited college or university, OR equivalent combination of education and extensive relevant work experience.
  • 7+ years of progressive experience in software engineering, systems engineering, or DevOps/DevSecOps, with significant demonstrated experience designing, implementing, and managing CI/CD pipelines and DevSecOps practices in a federal government or large enterprise environment.
  • Demonstrated expert-level hands-on experience with CI/CD tools and platforms such as Jenkins, GitLab CI/CD, GitHub Actions, or similar, and container orchestration platforms such as Kubernetes or Red Hat OpenShift.Demonstrated experience integrating security tools and automation into CI/CD pipelines including SAST, DAST, SCA, and container security scanning solutions.
  • One or more of the following certifications: Certified Kubernetes Administrator (CKA), AWS Certified DevOps Engineer, Microsoft Certified: DevOps Engineer Expert, or equivalent senior-level DevSecOps or cloud engineering certification.

Desired:
  • Master's degree in Computer Science, Software Engineering, Information Technology, or a related field.
  • Prior experience leading DevSecOps program development and implementation at a federal civilian agency, preferably the SBA or a similar organization.
  • Certified Kubernetes Security Specialist (CKS), AWS Certified Security - Specialty, or other relevant advanced cloud security or DevSecOps certifications.
  • Red Hat Certified Engineer (RHCE) or Red Hat Certified Architect (RHCA) certification.

Required Skills and Competencies:
  • Expert-level knowledge of DevSecOps principles, methodologies, and best practices and their application to the design, implementation, and management of secure, automated software delivery pipelines in a federal government environment.
  • Demonstrated expert-level hands-on experience with CI/CD tools and platforms including Jenkins, GitLab CI/CD, GitHub Actions, CircleCI, or similar, and the ability to design, build, and optimize complex CI/CD pipeline architectures.
  • Deep technical expertise in containerization and container orchestration technologies including Docker, Kubernetes, and Red Hat OpenShift, including experience securing and managing container environments in production.
  • Extensive experience with infrastructure as code (IaC) tools and practices including Terraform, Ansible, AWS CloudFormation, or similar, and their application to automated, repeatable infrastructure provisioning and management.
  • Strong experience integrating security automation into CI/CD pipelines including SAST tools such as SonarQube or Checkmarx, DAST tools such as OWASP ZAP or Burp Suite, SCA tools such as Black Duck or Snyk, and container security scanning tools such as Twistlock, Aqua Security, or Anchore.
  • Solid experience with cloud platforms and services including AWS, Microsoft Azure, or Google Cloud Platform, and the application of cloud-native DevSecOps practices and tools within federal cloud environments.
  • Proficient experience with source code management and collaboration platforms including Git, GitHub, GitLab, or Bitbucket, including experience with branching strategies, code review processes, and repository security practices.
  • Solid understanding of federal cybersecurity frameworks, requirements, and guidance including NIST SP 800-53, NIST SP 800-218 (Secure Software Development Framework), FISMA, and FedRAMP, and their application to DevSecOps practices and pipeline security.
  • Experience with monitoring, logging, and observability tools and platforms such as ELK Stack, Prometheus, Grafana, Splunk, or similar, and their integration into DevSecOps pipelines and operations.
  • Strong experience with scripting and programming languages including Python, Bash, PowerShell, or similar, and their application to pipeline automation, toolchain integration, and infrastructure management.
  • Exceptional written and oral communication skills in English, with the ability to clearly communicate complex DevSecOps concepts, architectural designs, and technical recommendations to both technical teams and senior non-technical audiences.
  • Strong leadership and mentorship skills with demonstrated experience guiding and developing engineers, developers, and operations staff in DevSecOps practices and culture.
  • Ability to obtain and maintain a Public Trust clearance as required by the SBA.

Desired Skills and Competencies:
  • Prior experience leading DevSecOps program development and implementation at the SBA or a similar federal civilian agency
  • In-depth familiarity with SBA's IT environment, development platforms, and mission areas, including an understanding of the unique challenges and opportunities associated with implementing DevSecOps within the SBA environment
  • Experience with artifact management and software supply chain security tools and practices including JFrog Artifactory, Nexus Repository, or similar, and their integration into secure software delivery pipelines.
  • Advanced knowledge of service mesh technologies such as Istio or Linkerd and their application to securing microservices architectures within a DevSecOps context.
  • Experience with GitOps practices and tools such as ArgoCD or Flux and their application to automated, auditable infrastructure and application deployments.
  • Familiarity with the NIST Secure Software Development Framework (SSDF) and its practical application to DevSecOps program design and implementation in a federal government environment.
  • Experience supporting ATO processes and continuous monitoring programs, including the automation of security control testing and evidence collection within CI/CD pipelines.
  • Knowledge of software bill of materials (SBOM) concepts and tools and their application to software supply chain security and federal compliance requirements.
  • Certified Kubernetes Security Specialist (CKS), AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, or other relevant advanced cloud security certifications.
  • Experience with chaos engineering practices and tools and their application to improving the resilience and reliability of DevSecOps pipelines and application deployments.
  • Familiarity with federal IT acquisition and procurement processes and experience supporting the development of technical requirements and evaluation criteria for DevSecOps toolchain acquisitions.

About Koniag Government Services

Koniag Government Services Careers

Join the dynamic team at Koniag Government Services, a leader in providing innovative solutions to government clients. This esteemed company offers a plethora of job opportunities that pave the way for professional growth and career advancement in a diverse and inclusive environment.

Explore Career Opportunities

Koniag Government Services is actively hiring and offers a range of positions that cater to various skills and experiences. Whether you're a seasoned professional or a recent graduate, Koniag Government Services provides a platform to enhance your career through meaningful work in a supportive culture.

Innovation and Leadership

At the forefront of innovation, Koniag Government Services encourages its team to lead with creativity and strategic thinking. The company is committed to leadership development and diversity training, ensuring that all team members have the opportunity to excel and contribute to industry-leading projects.

Professional Growth and Development

Koniag Government Services is dedicated to the professional development of its employees. With comprehensive benefits, competitive employment packages, and opportunities for advancement, the company supports its team in achieving their career goals. Networking within the company and industry is encouraged, fostering a community of learning and mutual growth.

Internship Programs

For those starting their career journey, Koniag Government Services offers internship programs that provide real-world experience and a pathway to full-time employment. Interns gain valuable industry knowledge and develop essential skills under the guidance of experienced mentors.

Commitment to Diversity and Inclusion

Diversity is at the core of Koniag Government Services' values. The company is committed to creating an inclusive environment where diverse voices are heard and valued. Diversity training is integral, equipping the team with the tools to thrive in a multicultural setting.

Applying for a Position

To apply for a position at Koniag Government Services, candidates should prepare a resume that highlights relevant experience and skills. The interview process is designed to assess fit both for the role and the company culture, ensuring alignment with the team’s values and objectives.

Stay Connected with Koniag Government Services Careers

Explore the various job opportunities and embark on a path of professional growth and innovation. Koniag Government Services is not just a workplace but a community where careers flourish in an environment of respect, integrity, and continuous learning.

Search Koniag Government Services Jobs

Discover the exciting career opportunities available at Koniag Government Services. Search for open positions that match your skills and interests, and join a team that values curiosity, creativity, and collaboration.

Keep Up to Date

Stay informed with the latest career tips, industry insights, and company updates directly from Koniag Government Services. Engage with content that can transform your professional journey and lead to rewarding opportunities.

Job Alert Emails

Personalize your subscription to receive job alerts and insider tips tailored to your preferences from Koniag Government Services. See what exciting and rewarding opportunities await in the field of government services.
Learn more about Koniag Government Services
Size
501 employees
Industry

Similar Jobs

More Jobs at Koniag Government Services

  • Koniag Government Services
    Senior Cost Estimator
    $90K — $120K *
    Warrenton, VA 20187 (Fauquier County)
    Aerospace & Defense
    In-Person
  • Koniag Government Services
    Zero Trust Architect
    $120K — $150K *
    Fort Washington, MD 20744 (Prince Georges County)
    Education, Government & Non-Profit
    In-Person
  • Koniag Government Services
    Cryptographic Engineer Lead
    $120K — $150K *
    Washington, DC 20011 (District Of Columbia County)
    Education, Government & Non-Profit
    In-Person
  • Koniag Government Services
    Cryptographic Engineer Lead
    $120K — $150K *
    Fort Washington, MD 20744 (Prince Georges County)
    Information Technology
    In-Person
  • Koniag Government Services
    Systems Engineer
    $90K — $120K *
    Washington, DC 20011 (District Of Columbia County)
    Education, Government & Non-Profit
    In-Person

More Information Technology Jobs

Find similar DevSecOps Lead Engineer jobs: