DevSecOps Project Engineer II
Sierra Nevada Corporation · Plano, TX · 1 mo ago
EngineeringFull-time
Responsibilities
- Develop and manage detailed project plans, sprint/release schedules, and budgets for DSOP and tooling initiatives.
- Manage cross-functional delivery teams comprising software engineers, platform engineers, and security specialists.
- Track delivery milestones, manage backlog priorities, and communicate status to program and customer stakeholders.
- Architect, implement, and oversee CI/CD pipelines supporting automated build, test, security scanning, and deployment workflows.
- Define and enforce DevSecOps standards including SAST/DAST integration, software composition analysis (SCA), and container image scanning.
- Lead selection, procurement, integration, and maintenance of software toolchains (e.g., GitLab, Jenkins, Artifactory, SonarQube, Jira, Confluence, Kubernetes).
- Oversee platform-as-code practices including infrastructure-as-code (IaC), configuration management, and environment-as-code.
- Ensure pipelines and tooling comply with NIST 800-53, CMMC, RMF, and applicable cyber security frameworks.
- Support accreditation activities (ATO processes) by documenting pipeline controls and providing technical evidence to ISSO/ISSM.
- Serve as the primary technical point of contact for customers and end-users regarding DevSecOps capabilities and tooling roadmaps.
- Facilitate tool onboarding, developer enablement, and adoption efforts across multiple program teams.
- Present pipeline maturity metrics, deployment velocity, and quality gate status at program reviews.
- Prepare comprehensive status reports covering pipeline health, tool availability, delivery throughput, security posture, and open risks.
- Maintain dashboards and metrics that reflect DORA metrics (deployment frequency, lead time, MTTR, change failure rate).
- Identify systemic pipeline failures, tool integration bottlenecks, or security compliance gaps and develop rapid resolution plans.
- Own the DSOP Risk Register — document toolchain risks, supply chain software risks, and dependency vulnerabilities.
- Develop contingency strategies for pipeline outages, tool end-of-life transitions, and accreditation gaps.
- Drive continuous improvement of pipeline speed, quality gate effectiveness, and developer experience.
- Evaluate and pilot emerging DevSecOps tools and practices; present cost-benefit analyses to leadership.
- Lead shift-left security initiatives and coach development teams on secure coding and automated testing practices.
- Develop and manage risk identification, documentation, and mitigation planning.
Qualifications
- Bachelor's degree in Computer Science, Software Engineering, Systems Engineering, or closely related technical field.
- 10+ years of progressive engineering experience, including 2+ years in a technical lead or engineering project lead role.
- Direct, hands-on experience designing and managing CI/CD pipelines in an enterprise or program environment (GitLab CI, Jenkins, GitHub Actions, or equivalent).
- Practical experience integrating automated security tooling (SAST, DAST, SCA, image scanning) into CI/CD workflows.
- Experience with container orchestration platforms — specifically Kubernetes and Docker — in a production or program-of-record context.
- Working knowledge of Infrastructure-as-Code tools (Terraform, Ansible, Helm, or equivalent) used operationally.
- Experience with artifact management and software supply chain security (Artifactory, Nexus, SBOM generation).
- Familiarity with RMF/ATO processes and how DevSecOps pipelines interface with accreditation requirements.
- Experience creating and managing project schedules, tracking technical tasks, and reporting status to program and customer leadership.
- Excellent written and verbal communication skills, with ability to explain complex pipeline and tooling concepts to non-technical stakeholders.