DevSecOps Manager (Government / FedRAMP Focus)
Position Summary
We are seeking a hands-on DevSecOps Manager to lead the security, DevOps, and cloud platform operations for a multi-cloud environment supporting enterprise and government-focused applications. This is a player/coach role where you'll provide technical leadership while actively contributing to engineering, security, and operational initiatives. The ideal candidate has a strong background in cloud security, DevSecOps, CI/CD, incident response, compliance (FedRAMP/SOC 2), and team leadership. This position offers excellent long-term growth into senior leadership.
Key Responsibilities
Security & Cloud Operations
Lead the security strategy across AWS, Azure, and Google Cloud environments.
Own threat modeling, security architecture, identity and access management, encryption, logging, and secure configuration standards.
Lead incident response activities, including investigation, containment, recovery, and post-incident reviews.
Improve vulnerability management and security monitoring processes.DevSecOps & Platform Engineering
Design, implement, and manage secure CI/CD pipelines.
Support migration and modernization of DevOps platforms and deployment processes.
Implement security controls including:
SAST
SASTCAS
Secrets scanning
Infrastructure-as-Code (IaC) scanning
Automated compliance evidence collection
Develop Infrastructure-as-Code standards using tools such as Terraform, CloudFormation, Bicep, or Pulumi.
Support Kubernetes and virtual machine-based application deployments.Compliance & Governance
Drive engineering initiatives supporting SOC 2 and FedRAMP
Moderate compliance
Translate security and compliance requirements into automated engineering controls.
Develop operational documentation, security standards, and audit-ready evidence.
Partner with internal compliance and audit teams to support assessments.Leadership
Lead, mentor, and develop a small DevSecOps, SOC, and platform engineering team.
Establish operational best practices, change management processes, incident reviews, and continuous improvement initiatives.
Foster a culture of automation, security, accountability, and operational excellence.
Required Qualifications
7+ years of experience in DevSecOps, Security Engineering, Platform Engineering, Site Reliability Engineering (SRE), or related roles.
Experience designing and managing secure CI/CD pipelines using Azure DevOps, GitHub Actions, or similar platforms.
Strong hands-on experience with AWS, Azure, or Google Cloud (experience in multiple cloud environments preferred).
Hands-on experience leading security incident response and vulnerability management.
Experience with SIEM platforms (Elastic preferred) and vulnerability management tools (Qualys preferred).
Experience securing Windows environments and endpoint management.
Strong leadership, communication, and mentoring skills.
Ability to work onsite in Fairfax, VA. U.S. Citizenship required.
Preferred Qualifications
Experience supporting FedRAMP Moderate, NIST 800-53, or SOC 2 compliance initiatives.
Kubernetes security experience including RBAC, network policies, workload identity, and admission controls.
Experience with software supply chain security, including SBOM, artifact signing, dependency management, and OIDC authentication.
Experience managing enterprise device fleets, patch management, staged deployments, rollback strategies, and endpoint security.
Knowledge of PKI, certificate lifecycle management, HSM, KMS, and credential management.
Experience implementing Infrastructure-as-Code using Terraform, CloudFormation, Bicep, or Pulumi.
Key Skills
DevSecOps
Cloud Security
AWS, Azure & Google Cloud
CI/CD Pipelines
GitHub Actions & Azure DevOps
Kubernetes
Infrastructure as Code (Terraform, CloudFormation, Bicep, Pulumi)
FedRAMP & SOC 2 Compliance
NIST 800-53
Incident Response
Vulnerability Management
SIEM (Elastic)
Qualys
Windows Security
Identity & Access Management (IAM)
Infrastructure Automation
Team Leadership