DevSecOps Cybersecurity Architect

ILS Inc. is seeking an experienced Development Security and Operations (DevSecOps) Cybersecurity Architect to drive the secure design, development, and deployment of enterprise IT systems for a federal program. This role is critical in integrating security into every stage of the software development lifecycle (SDLC) and DevOps pipeline, ensuring compliance with federal cybersecurity requirements (NIST 800-53, FedRAMP). 

PREFER LOCAL TO DC METRO AREA 

• Develop a comprehensive roadmap and implementation plan for achieving Continuous Authorization to Operate (cATO), including integration with DevSecOps pipelines and compliance processes.
• Architect and develop secure DevSecOps practices, embedding security into CI/CD pipelines and development workflows.
• Design the enterprise DevSecOps reference architecture, including governance, automation strategy, and control inheritance model.
• Design and maintain cybersecurity architecture strategies aligned with federal and program security objectives.
• Define security-by-design principles to ensure compliance is embedded across the software development lifecycle (SDLC).
• Collaborate with development, operations, and security teams to design automation-driven security controls across application and infrastructure layers.
• Evaluate, recommend, and implement tools that enhance the organization’s security posture
• Serve as the primary security point of contact for assigned federal information systems throughout the DevSecOps Life Cycle.
• Advise leadership on tooling strategy, risk management, and compliance automation to accelerate cATO readiness.
• Collaborate with federal stakeholders, ISSOs, and system owners to align modernization activities with security objectives.
• Ensure compliance with NIST 800-53, FedRAMP, and agency-specific cybersecurity frameworks.
• Implement tools and processes for supply chain management such as SBOM management, container security and scanning.
• Coordinate with system owners, engineers, developers, and external stakeholders to implement security controls and remediation strategies.
• Establish policy, process, and governance models to standardize secure development, testing, and deployment across multiple programs
• Develop DevSecOps maturity models and performance metrics to track progress toward continuous authorization and operational resilience.

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field.
• 7+ years of cybersecurity or information security experience, with hands-on experience in secure software development or DevSecOps.
• Strong knowledge of NIST SP 800-53, FedRAMP, ATO/cATO, and RMF processes.
• Experience with containerization and cloud-native security (Docker, Kubernetes/EKS, ECS/Fargate).
• Familiarity with security automation and scanning tools (e.g., Snyk, Twistlock, SonarQube, Nessus, Qualys).
• Experience preparing and maintaining ATO packages and supporting Continuous Monitoring (ConMon).
• Excellent technical documentation, communication, and leadership skills

Preferred Skills

• Professional certifications such as CISSP, CISM, CAP, or Security+.
• Experience using eMASS, CSAM, or other compliance management platforms.
• Understanding of cloud security controls in AWS, Azure, or GCP environments.
• Strong background in supply chain security, SBOM management, and zero-trust architecture.
• Experience supporting federal applications and mission-critical environments.