Leidos

Chief Security Architect – Developer Experience

full-time

Location Type: Remote

Location: United States

Salary

💰 $154,050 - $278,475 per year

About the role

  • Architect the compliance engine.
  • Design and build the policy-as-code infrastructure that sits at the heart of the platform: the enforcement points, evidence pipeline, continuous compliance dashboards, and attestation framework that make "approved to deploy" a machine-verifiable fact, not a permission you wait on.
  • Own the platform ATO strategy. Chart the path from where we are to a platform-level ATO that programs can inherit.
  • Navigate RMF, NIST 800-53, NIST 800-171, NIST 800-160, and DoD IL4/IL5 requirements alongside the realities of working with internal security reviewers and external auditors (3PAOs, DCMA).
  • Be the enterprise security team's most important technical partner. Attend the meetings. Build the trust. Co-author the policies.
  • Build the agentic AI security model.
  • Own security architecture across the developer platform. Threat model the full stack—CI/CD pipelines, developer portal, container runtimes, and workstation environments.
  • Lead the supply chain security effort. SBOM generation, dependency management, container image provenance, vulnerability scanning: you design the enterprise pattern, build the tooling, and make it automatic.
  • Drive ATO process re-architecture.

Requirements

  • Master's degree in Computer Science, Information Security, Software Engineering, or a related technical field.
  • 15+ years of experience in security architecture, DevSecOps, platform security, or related disciplines—with significant hands-on work, not just advisory roles.
  • Deep expertise in policy-as-code tooling: Open Policy Agent (OPA), Kyverno, Rego, Sentinel, or equivalent.
  • Strong working knowledge of compliance frameworks: NIST 800-53, NIST 800-171, NIST 800-160, FedRAMP, DoD IL4/IL5/IL6, RMF, CMMC.
  • Hands-on experience with container and Kubernetes security: admission controllers, image scanning, network policies, runtime security, and hardened base images.
  • Experience with CI/CD pipeline security: SAST/DAST, SCA, container scanning, IaC scanning, secrets management, hardened images/libraries, and how to integrate these into developer workflows without crushing velocity.
  • Familiarity with software supply chain security: supply chain integrity frameworks (SLSA, in-toto), SBOM standards (CycloneDX, SPDX), signed commits, and provenance tooling.
  • Experience designing security for AI-assisted development environments, including agent tooling, MCP server governance, LLM-integrated development pipelines, or equivalent emerging threat surfaces (or demonstrated ability to reason credibly about novel security architectures).
  • Proven ability to engage effectively with security and compliance stakeholders—not just technically, but organizationally.
  • Excellent communication skills—you can explain a Kubernetes admission webhook to a CISO and a FedRAMP control to a platform engineer, and make both conversations productive.
  • U.S. citizenship required; ability to obtain and maintain a security clearance.

Benefits

  • Health and Wellness programs
  • Income Protection
  • Paid Leave
  • Retirement

Applicant Tracking System Keywords

Hard Skills & Tools

security architecture, DevSecOps, policy-as-code, Open Policy Agent, Kubernetes security, CI/CD pipeline security, supply chain security, AI-assisted development security, vulnerability scanning, container security

Soft Skills

communication skills, stakeholder engagement, trust building, collaboration, organizational skills