Overview
IvoryCloud is seeking a Platform / DevSecOps Engineer Lead to architect, operate, and sustain the continuous integration / continuous delivery (CI/CD) pipeline, cloud infrastructure, and security automation framework for a mission-critical federal enterprise system operating across NIPR and SIPR environments and supporting the defense security cooperation/Foreign Military Sales space. This is a Key Personnel position responsible for engineering the delivery pipeline as a standing audit-evidence artifact and for advancing configuration management, access control, and segregation of duties compliance objectives. The ideal candidate brings deep cloud platform engineering experience in federal environments, demonstrated DOW cross-domain solution (CDS) expertise, and the disciplined judgment required to evolve a complex mission system without destabilizing the operational continuity it supports.
Requirements
· U.S. Citizenship: Required, Non-negotiable. (This differs from eligibility to work in the U.S.)
· Clearance: Active Secret clearance required.
· Minimum Years Experience: 10 years of platform, DevOps, or infrastructure engineering experience, including a minimum of 5 years supporting U.S. federal customers and 3 years leading CI/CD or cloud platform engineering on enterprise-scale mission systems.
· Location: National Capital Region (NCR); hybrid schedule with regular on-site presence at the client's Northern Virginia site and company headquarters in Rockville, Maryland. Must reside within commuting distance of the NCR and be available to report on-site within three hours of request.
· Demonstrated expert proficiency with Azure GovCloud or AWS GovCloud, including IaaS, PaaS, Kubernetes (AKS/EKS), and Helm; equivalent GovCloud platform experience considered.
· Demonstrated experience engineering and operating CI/CD pipelines with hard security gates - including SAST, SCA, container image scanning, DAST, IaC scanning, accessibility validation, and STIG compliance on production federal workloads.
· Exceptional oral and written communication skills, including the ability to brief technical leadership, government cybersecurity teams, and the Information System Security Officer (ISSO) on pipeline architecture and audit-evidence posture.
· Direct experience with Infrastructure as Code (Terraform, Ansible, or equivalent) deployed against federal production environments, with environment parity enforced between NIPR and SIPR.
· Demonstrated experience engineering Cross-Domain Solutions (CDS) for code or data transfer between security enclaves, including signed-artifact promotion, integrity verification, and documented audit logging across the transfer boundary.
Education
· Bachelor's degree in Computer Science, Computer Engineering, Information Systems, Cybersecurity, or a related technical discipline. Master's degree in a related technical discipline preferred.
· Equivalent professional experience may be considered in lieu of a formal degree on a case-by-case basis.
Certifications
· Desired certifications include:
o Microsoft Certified: Azure Administrator Associate (AZ-104) or AWS Certified Solutions Architect - Associate
o Microsoft Certified: Azure Solutions Architect Expert (AZ-305)
o Certified Kubernetes Administrator (CKA)
o HashiCorp Certified: Terraform Associate
o AWS Certified DevOps Engineer - Professional
o CompTIA Security+
o Certified Information Systems Security Professional (CISSP)
Job Description
· Serve as the single point of accountability for the program CI/CD pipeline, cloud platform architecture, and security automation framework across NIPR and SIPR environments.
· Engineer and operate the CI/CD pipeline as a standing audit-evidence artifact, ensuring every production change carries documented SAST, SCA, container scan, DAST, IaC scan, automated test, accessibility scan, and STIG compliance verification - sufficient evidence for independent audit review without separate documentation effort.
· Directly address configuration management audit findings by engineering pipeline artifacts - immutable build records, signed commits, peer-reviewed pull requests, and automated change approvals - as the system of record for every change reaching production.
· Engineer and enforce documented role separation between developer, tester, Government Product Owner approver, and ISSO accounts in the pipeline, directly supporting access control and segregation of duties compliance objectives.
· Architect and operate cloud infrastructure for the program, including IaaS, PaaS, Kubernetes, and supporting platform services across NIPR and SIPR enclaves.
· Engineer environment parity between development, test, staging, and production environments using Infrastructure as Code, ensuring every environment is reproducible, auditable, and security compliant.
· Engineer blue/green deployment topology and feature-toggle infrastructure enabling zero-downtime releases and rollback-ready production transitions.
· Engineer and sustain CDS for code and data transfer from NIPR to SIPR, including signed-artifact promotion through CDS appliances with integrity verification, full audit logging of transfer events, and commit-hash traceability supporting rollback at any point.
· Engineer STIG-hardened base container images and operate continuous compliance scanning across the production estate.
· Architect and operate a Zero Trust framework for the program - prioritizing the User, Device, and Application/Workload pillars per DoD Zero Trust guidance, with documented Comply to Connect (C2C) integration for device posture validation.
· Architect and operate the program observability stack - including SIEM aggregation, application performance monitoring, distributed tracing, and real-time alerting feeding both operational dashboards and the standing audit-evidence record.
· Engineer disaster recovery topology targeting defined RTO and RPO thresholds; lead annual DR exercises and report results to the COR.
· Partner with the Cybersecurity / ISSO to maintain the system's RMF record, manage POA&M items, conduct continuous monitoring, and produce the documented evidence base required for audit review.
· Engineer automated security response playbooks for repeatable, audit-ready incident handling - including automated evidence collection, incident-response runbooks, and integrated change-management workflows.
· Partner with the Backend Engineering Lead to ensure application architecture aligns with platform capabilities - service mesh policies, mutual TLS between services, OAuth 2.0 + JWT enforcement, and rate-limiting policies engineered at the platform layer.
· Engineer and operate the data-pipeline platform supporting the Data Engineer's enterprise data feeds - including ETL/ELT runtime, lineage logging, and data-quality validation embedded in CI/CD.
· Contribute to program reporting and mission value communications by producing platform-health, audit-readiness, and security-posture indicators for government leadership and oversight bodies.
· Maintain a continuously refreshed platform risk register tracking technical, operational, cybersecurity, and audit-related risks with documented mitigation owners and current status visible via shared project management dashboards.
· Ensure team adherence to established CMMI Level 3 DEV and SVC appraised processes for configuration management, decision analysis and resolution, supplier agreement management, and integrated project management as applied to platform engineering.
· Represent platform and DevSecOps capability in technical interchange meetings, joint cross-agency cybersecurity working groups, and Change Control Board reviews; provide platform feasibility input to program and product leadership.
· Mentor and develop supporting Platform Engineers and Backend Engineers on platform-adjacent concerns; support recruiting, onboarding, and professional development of the broader platform team.
· Research and evaluate emerging DevSecOps practices, platform engineering tooling, and federal cloud capability evolutions - recommending pragmatic adoption only where direct delivery acceleration, audit-evidence improvement, or operational reliability gain is demonstrable.
Preferred Qualifications
· Demonstrated experience engineering and operating CI/CD pipelines within a CMMI Level 3 or higher appraised Agile delivery organization across both NIPR and SIPR environments.
· Direct experience engineering CDS environments at classified government facilities, including VDI integration, secure enclave coordination, and 24/7 mission-continuity operations.
· Experience supporting DOW enterprise data ecosystems, RMF/ATO processes, or comparable federal cybersecurity governance frameworks.
· Experience operating federal cloud workloads at significant scale - large user populations and high-volume transactional throughput across geographically distributed user communities.
· Direct experience with defense security cooperation, Foreign Military Sales (FMS), or comparable mission domains and their enterprise systems.
· Track record of platform or DevSecOps work cited in audit-finding closure, security posture improvement, or release-cadence acceleration on federal program performance reviews.
Benefits
· Salaried position and eligible for participation in company and Business Development bonus programs
· Full-time benefits include:
- 401(k)
- 401(k) matching
- Dental insurance
- Health insurance
- Life insurance
- Paid time off
- Referral program
- Retirement plan
- Vision insurance
About IvoryCloud
IvoryCloud is a growing 8(a) certified small business. Our work with Federal and commercial clients includes Mission Systems development, modernization, and support, Software services, AI/ML engineering, Enterprise Cybersecurity, and Mission Optimization services. We are a growing, privately held small business located in Rockville, MD. IvoryCloud is an Equal Opportunity Employer (EEO).
Pay: $155,000.00 - $185,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Flexible schedule
- Health insurance
- Life insurance
- Paid time off
- Referral program
- Vision insurance
Application Question(s):
- This role requires U.S. citizenship. Please type 'citizen' if you meet this requirement.
- Do you meet the hybrid requirements of on-site work in Arlington, VA and Rockville, MD?
- Please list your active certifications.
Experience:
- Platform, DevOps, infrastructure engineering: 10 years (Required)
- supporting federal customers: 5 years (Required)
Security clearance:
Work Location: In person