Everforth ECS is seeking a DevSecOps/Supply Chain Lead SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

This role defines enterprise scanning policy and acceptance thresholds for vulnerability assessments executed within WDP Core Integration deployment pipelines, establishing and enforcing supply chain risk governance across Kubernetes, VMware, GitLab CI, and artifact repositories to protect AI and machine learning model serving missions across all classification enclaves.
• Defines enterprise scanning policy and acceptance thresholds for vulnerability assessments executed within War Data Platform (WDP) Core Integration deployment pipelines supporting artificial intelligence and machine learning model serving missions for Department of War programs, Joint Staff analysts, Combatant Command elements, and Senior Executive Service leadership.
• Establishes governance for all serving artifacts by developing vulnerability-classification standards, remediation pathways, and deploy-blocking criteria aligned with mission assurance requirements and cross-domain security architectures.
• Coordinates remediation service-level agreements with engineering teams by directing triage workflows, validating corrective actions, and maintaining authoritative records of vulnerability disposition across Kubernetes clusters, VMware environments, GitLab Continuous Integration pipelines, SonarQube dashboards, Tenable Nessus scans, and artifact repositories.
• Implements DevSecOps supply-chain methodologies to validate software provenance, dependency integrity, and hardened configuration baselines for all model-runtime components, API endpoints, and deployment templates.
• Produces mission-critical deliverables-including scanning policy documentation, acceptance threshold definitions, remediation tracking reports, operational risk assessments, and release governance artifacts.
• Leads collaboration with Platform One, Cloud One, multi-national engineering teams, and cross-service mission partners to strengthen operational readiness, reinforce deployment consistency, and advance program value commitments across all enclaves.
• Supports Tier-4 incident response actions by providing authoritative vulnerability evidence, remediation guidance, and supply chain integrity documentation required for rapid triage and sustained mission performance.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• CompTIA A+ certification.
• Minimum 12 years of experience in DevSecOps, supply chain risk management, or cybersecurity engineering roles within classified or federal environments.
• Hands-on experience with vulnerability-scanning and pipeline-security tools, including Tenable Nessus, SonarQube, and GitLab CI, with demonstrated ability to define scan policies, set acceptance thresholds, and direct remediation workflows.
• Proven ability to design and enforce DevSecOps supply-chain best practices-including software provenance validation, dependency integrity checks, Software Bill of Materials (SBOM) development, and hardened configuration baselines-across containerized and cloud-native platforms.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).