Everforth ECS is seeking a Senior Artifact Scanning & Policy Engineer to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
This role implements scanning stages and policy-as-code enforcement for AI and machine-learning serving artifacts within WDP Core Integration deployment pipelines, maintaining enclave-parity scanning standards and supply-chain integrity across Unclassified, SIPR, and JWICS environments to protect mission-critical AI model deployments from vulnerability and configuration risk.
• Implements scanning stages and policy-as-code enforcement for artificial intelligence and machine-learning serving artifacts within unclassified War Data Platform (WDP) Core Integration deployment pipelines supporting Department of War missions, Joint Staff analysts, Combatant Command elements, and Senior Executive Service leadership.
• Develops scanning logic, rule sets, and enforcement patterns that validate artifact integrity, security posture, dependency provenance, and configuration compliance prior to deployment.
• Applies Kubernetes, GitLab Continuous Integration, SonarQube, Tenable Nessus, Elastic Stack, VMware environments, and hardened artifact repositories to execute vulnerability assessments, integration checks, and policy-driven gating actions.
• Conducts rule tuning, signature refinement, and policy updates to maintain alignment with evolving mission assurance requirements, cross-domain security architectures, and enterprise DevSecOps standards.
• Maintains higher-domain parity for scanning and policy enforcement across SIPR and JWICS enclaves by adapting rule sets, resolving enclave-specific constraints, and coordinating exception-handling workflows with multi-national engineering teams and cross-service mission partners.
• Produces mission-critical deliverables, including scanning policy documentation, policy-as-code modules, exception-handling records, vulnerability disposition reports, operational risk assessments, and deployment-readiness artifacts.
• Strengthens program value by advancing supply-chain integrity, reinforcing deployment consistency, and supporting continuous release operations across all enclaves.
• Supports Tier-4 incident-response actions by providing authoritative scanning evidence, policy-compliance documentation, and remediation guidance required for operational continuity and sustained mission performance.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance.
• CompTIA A+ certification.
• Minimum 10 years of experience implementing artifact scanning frameworks, policy-as-code enforcement, and DevSecOps pipeline security controls within classified or federal multi-enclave environments.
• Demonstrated hands-on experience with vulnerability-scanning and pipeline-security tools, including Kubernetes, GitLab CI, SonarQube, and Tenable Nessus, with a proven ability to develop rule sets, tune signatures, and enforce policy-driven gating actions across AI/ML artifact deployment pipelines.
• Proven ability to maintain enclave-parity scanning and policy enforcement across NIPRNet, SIPRNet, and JWICS, including experience adapting rule sets to resolve enclave-specific constraints and managing exception-handling workflows in collaboration with multi-national engineering partners.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).