Description

The Multi Domain Solutions Division at Leidos is looking for an experienced Senior DevSecOps Engineer to support a fast-paced program with the Air Force Life Cycle Management Center. This role is critical in establishing robust security practices throughout the software development lifecycle and ensuring compliance with stringent security standards. The ideal candidate will have extensive experience in DevSecOps, strong leadership abilities, and a commitment to fostering a culture of security within the organization. This position offers an exciting opportunity to shape the security landscape of an Air Force program, ensuring the secure development of software in a dynamic and innovative environment.

• Lead the design and implementation of security practices within the DevOps pipeline for DoD applications, ensuring alignment with regulatory requirements.
• Evaluate and select security tools, integrating them into CI/CD workflows to enhance application security.
• Conduct advanced vulnerability assessments, threat modeling, and penetration testing to proactively identify and mitigate security risks.
• Collaborate with cross-functional teams to develop and promote secure coding practices, incident response plans, and security training.
• Mentor and guide junior and mid-level engineers, fostering knowledge sharing and professional growth within the team.
• Drive the automation of security testing and compliance processes, utilizing Infrastructure as Code (IaC) and security automation tools.
• Stay abreast of industry trends, emerging threats, and best practices in DevSecOps and cybersecurity to continually improve security posture.
• Assessing, designing, developing, testing, and implementing Business Continuity & Disaster Recovery (BC/DR) solutions into a complex environment.

• US Citizen and at least a Top Secret Clearance
• 8+ years of experience and a Bachelor's or advanced degree in Computer Science or similar field. Additional Experience may be considered in lieu of degree.
• Strong understanding of software development paradigms and supporting technologies (e.g. change management & version control, CI/CD, Agile planning tools such as Jira or Gitlab)
• Strong experience configuring CI/CD pipelines supporting software development activities in a DevSecOps environment
• Strong experience administering complex environments with Linux and Windows operating systems, network administration, and networking protocols/functions (e.g., HTTP, HTTPS, SSL/TLS, SMTP, DNS)
• Extensive experience integrating security tooling into a hybrid cloud environment, with a nuanced understanding of the capabilities and drawbacks of each component
• Extensive experience provisioning and managing resources within hybrid IaaS/Cloud infrastructures (e.g., Azure, AWS, Google Cloud Platform, etc.)
• Extensive experience with container technologies such as Docker and container orchestration tools like Kubernetes
• Experience with automated provisioning and configuration tools like Terraform, CloudFormation, Chef, Puppet, Ansible or similar technologies
• Experience integrating cloud services into solutions, especially Azure cloud services
• Excellent problem solving and analysis skills, including the ability to logically create structure and order from unstructured inputs.
• Self-starter that is able to work independently while possessing the communication skills to work effectively with software development teams and customers.
• Excellent interpersonal, verbal and written communication skills.

• Experience with Air Force Life Cycle Management Center programs.
• Microsoft Certified: Azure Solutions Architect Expert or similar certification.
• Advanced certifications such as Certified Information Systems Security Professional (CISSP), Certified DevSecOps Engineer (CDE), or similar.
• Extensive experience with security tools and practices relevant to DevSecOps (e.g., SAST, DAST, IAST).
• Experience deploying, configuring, and managing DevSecOps toolchains for an enterprise
• Familiarity with cloud platforms (e.g., AWS, Azure, Google Cloud) and their security frameworks.
• Strong understanding of container security and orchestration tools (e.g., Kubernetes).
• Experience delivering software solutions into high-security or air-gapped environments in defense or other highly regulated industries such as finance or healthcare
• Experience with compliance standards (e.g., OWASP, NIST) and DoD security regulations.
• Proven ability to drive change and influence security culture across an organization.